CVE-2013-10044
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenEMR Foundation | OpenEMR | 0 <= 4.1.1 Patch 14 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb
- https://www.exploit-db.com/exploits/28329
- https://www.exploit-db.com/exploits/28408
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb
- https://www.exploit-db.com/exploits/28329
- https://www.exploit-db.com/exploits/28408
- https://www.open-emr.org/
- https://github.com/openemr/openemr
- https://www.vulncheck.com/advisories/openemr-sqli-priv-esc-rce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.