A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1180 | Exploit Technical Description Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-01-28 13:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-13569
Mitre link : CVE-2020-13569
CVE.ORG link : CVE-2020-13569
JSON object : View
Products Affected
open-emr
- openemr
CWE
CWE-352
Cross-Site Request Forgery (CSRF)