Authentication Bypass and Sensitive Information Disclosure in OpenEMR

Authentication Bypass and Sensitive Information Disclosure in OpenEMR

CVE-2015-4453 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

Learn more about our Web Application Penetration Testing UK.