Vendor CVEs

LibreHealth

All CVEs

22 total · sorted by risk

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2022-31496	LibreHealth EMR	—	0.00	Jun 8, 2022	LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2022-31497	LibreHealth EMR	—	0.00	Jun 8, 2022	LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
CVE-2022-31495	LibreHealth EMR	—	0.00	Jun 7, 2022	LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
CVE-2022-31494	LibreHealth EMR	—	0.00	Jun 6, 2022	LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
CVE-2022-31498	LibreHealth EMR	—	0.00	Jun 6, 2022	LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
CVE-2022-31492	LibreHealth EMR	—	0.00	Jun 6, 2022	Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVE-2022-31493	LibreHealth EMR	—	0.00	Jun 6, 2022	LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
CVE-2022-29938	LibreHealth EMR	—	0.00	May 5, 2022	In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
CVE-2022-29939	LibreHealth EMR	—	0.00	May 5, 2022	In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29940	LibreHealth EMR	—	0.00	May 5, 2022	In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-23829	LibreHealth Lh Ehr	—	0.02	Sep 1, 2020	interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
CVE-2020-11438	LibreHealth EMR	—	0.00	Jul 15, 2020	LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVE-2020-11436	LibreHealth EMR	—	0.01	Jul 15, 2020	LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVE-2020-11437	LibreHealth EMR	—	0.00	Jul 15, 2020	LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVE-2020-11439	LibreHealth EMR	—	0.01	Jul 15, 2020	LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
CVE-2018-1000839	LibreHealth Lh Ehr	—	0.04	Dec 20, 2018	LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
CVE-2018-1000648	LibreHealth Lh Ehr	—	0.02	Aug 20, 2018	LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User…
CVE-2018-1000646	LibreHealth Lh Ehr	—	0.02	Aug 20, 2018	LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
CVE-2018-1000649	LibreHealth Lh Ehr	—	0.02	Aug 20, 2018	LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be…
CVE-2018-1000650	LibreHealth Lh Ehr	—	0.00	Aug 20, 2018	LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.
CVE-2018-1000645	LibreHealth Lh Ehr	—	0.00	Aug 20, 2018	LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled…
CVE-2018-1000647	LibreHealth Lh Ehr	—	0.01	Aug 20, 2018	LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.

CVE-2022-31496Jun 8, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2022-31497Jun 8, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
CVE-2022-31495Jun 7, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
CVE-2022-31494Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
CVE-2022-31498Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
CVE-2022-31492Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVE-2022-31493Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
CVE-2022-29938May 5, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
CVE-2022-29939May 5, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29940May 5, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-23829Sep 1, 2020
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.02
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
CVE-2020-11438Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVE-2020-11436Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.01
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVE-2020-11437Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVE-2020-11439Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.01
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
CVE-2018-1000839Dec 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.04
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
CVE-2018-1000648Aug 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.02
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User…
CVE-2018-1000646Aug 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.02
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
CVE-2018-1000649Aug 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.02
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be…
CVE-2018-1000650Aug 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.00
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.
CVE-2018-1000645Aug 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.00
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled…
CVE-2018-1000647Aug 20, 2018
LibreHealth
Lh Ehr
risk 0.00cvss —epss 0.01
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.