CVE-2017-16540 in OpenEMRinfo

Summary

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

11/04/2017

Disclosure

11/04/2017

Moderation

VulDB entry created

Entries

VDB-109143 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

Exploit

Download

CVSS

6.4

EPSS

0.00334

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-16540
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-16540
CVE Details	https://www.cvedetails.com/cve/CVE-2017-16540/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!