Security Advisory

CVE-2015-4453

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-07-05 01:00:00

Last updated 2024-08-06 06:18:11

Assigner mitre

State PUBLISHED

Description

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

← Browse all CVEs View on cve.org ↗