CVE Tools

librehealth

Enterprise Softwareoss-project

16

Cumulative CVEs

3

Monthly snapshots

#52

Peak rank

Top products

librehealth ehr7

Latest CVEs

The 15 most recently published vulnerabilities affecting librehealth.

CVE-2022-31496LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.8.8Jun 8, 2022
CVE-2022-31497LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.6.1Jun 8, 2022
CVE-2022-31495LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.6.1Jun 7, 2022
CVE-2022-31494LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.6.1Jun 6, 2022
CVE-2022-31498LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.6.1Jun 6, 2022
CVE-2022-31492Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.6.1Jun 6, 2022
CVE-2022-31493LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.6.1Jun 6, 2022
CVE-2022-29938In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.8.8May 5, 2022
CVE-2022-29939In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.5.4May 5, 2022
CVE-2022-29940In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.5.4May 5, 2022
CVE-2020-23829interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the ho...8.8Sep 1, 2020
CVE-2020-11438LibreHealth EMR v2.0.0 is affected by systemic CSRF.8.8Jul 15, 2020
CVE-2020-11436LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.9.0Jul 15, 2020
CVE-2020-11437LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.4.3Jul 15, 2020
CVE-2020-11439LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.8.8Jul 15, 2020