CVE-2006-5795 in OpenEMRinfo

Summary

by MITRE

Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/26/2026

The vulnerability described in CVE-2006-5795 represents a critical remote file inclusion flaw affecting OpenEMR versions 2.8.1 and earlier. This vulnerability stems from improper input validation and the dangerous combination of register_globals being enabled, creating a pathway for remote attackers to inject malicious code through carefully crafted URLs. The affected applications span multiple components within the OpenEMR interface directory, including billing processes, login mechanisms, patient management systems, reporting modules, and user administration functions. The attack vector specifically targets the srcdir parameter in numerous php files, allowing attackers to specify external URLs that get included and executed as PHP code. This vulnerability directly maps to CWE-88, which describes improper neutralization of special elements used in an expression, and CWE-94, which covers improper execution of code due to improper input validation. The operational impact of this vulnerability is severe as it provides attackers with arbitrary code execution capabilities on the affected server, potentially leading to complete system compromise, data theft, and unauthorized access to sensitive patient information. The presence of register_globals in the configuration creates an additional attack surface where variables from user input can be automatically imported into the global namespace, bypassing normal security boundaries. Attackers can leverage this vulnerability to execute malicious scripts, establish backdoors, or perform further reconnaissance within the network. The affected files cover critical system functions including authentication mechanisms, billing processing, patient data management, and reporting capabilities, making the potential impact on healthcare data security particularly concerning. The vulnerability affects the core operational integrity of OpenEMR systems, which are commonly used in healthcare environments where data protection and system availability are paramount. According to ATT&CK framework, this vulnerability corresponds to T1190 - Exploit Public-Facing Application, and T1059 - Command and Scripting Interpreter, as it allows for remote code execution through web-based attacks. The security implications extend beyond immediate code execution to include potential data breaches, system takeover, and disruption of healthcare services. Organizations using affected OpenEMR versions must implement immediate mitigations including disabling register_globals, implementing proper input validation, and applying security patches. The vulnerability demonstrates the critical importance of proper parameter validation and the dangers of legacy PHP configurations that enable automatic variable registration from user input. System administrators should also consider implementing web application firewalls and monitoring for suspicious URL patterns that may indicate exploitation attempts. The vulnerability underscores the need for comprehensive security testing and input sanitization practices in healthcare applications where patient data security is of utmost importance. Remediation efforts must include not only patching the specific vulnerability but also addressing the underlying architectural issues that made such attacks possible in the first place.

Reservation

11/08/2006

Disclosure

11/08/2006

Moderation

accepted

Entry

VDB-33174

CPE

ready

Exploit

Download

EPSS

0.03258

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!