QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4453

Published: Jul 5, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150618 CVE-2015-4453 - Authentication bypass in OpenEMR

mailing-list

x_refsource_FULLDISC

JVNDB-2015-000092

third-party-advisory

x_refsource_JVNDB

http://packetstormsecurity.com/files/132368/OpenEMR-4.2.0-Authentication-Bypass.html

x_refsource_MISC

third-party-advisory

x_refsource_JVN

http://www.open-emr.org/wiki/index.php/OpenEMR_Patches

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.