CVE-2013-10044 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and s…
High CVSS: 8.7

CVE-2013-10044

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
Vendor
Open-emr
Product
Openemr
CWE
CWE-89
Yayın Tarihi
2025-08-01 21:15:26
Güncelleme
2025-11-26 14:10:49
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-89 Openemr HIGH Open-emr 2025

Referanslar

https://github.com/openemr/openemr https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb https://www.exploit-db.com/exploits/28329 https://www.exploit-db.com/exploits/28408 https://www.open-emr.org/ https://www.vulncheck.com/advisories/openemr-sqli-priv-esc-rce https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb https://www.exploit-db.com/exploits/28329 https://www.exploit-db.com/exploits/28408