Vulnerability Description
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Emr | Openemr | <= 4.1.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html
- http://seclists.org/fulldisclosure/2012/Jan/27
- http://www.exploit-db.com/exploits/18274Exploit
- http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/
- http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
- http://www.openwall.com/lists/oss-security/2012/04/17/1
- http://www.openwall.com/lists/oss-security/2012/04/18/7
- http://www.osvdb.org/78132
- http://www.securityfocus.com/bid/51247Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71983
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html
- http://seclists.org/fulldisclosure/2012/Jan/27
- http://www.exploit-db.com/exploits/18274Exploit
- http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/
- http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
FAQ
What is CVE-2012-2115?
CVE-2012-2115 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
How severe is CVE-2012-2115?
CVE-2012-2115 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2115?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Emr Openemr.