"Electronic Medical Records Cracked Open by OpenClinic Bugs"

Researchers at Bishop Fox have discovered four vulnerabilities in the OpenClinic application used for sharing electronic medical records.  Its latest version is 0.8.2 and was released in 2016.  According to researchers, the four bugs involve missing authentication, insecure file upload, cross-site scripting (XSS), and path-traversal.  The most concerning flaw found would allow a remote, unauthenticated attacker to read patients’ personal health information (PHI) from the application.

Threatpost reports: "Electronic Medical Records Cracked Open by OpenClinic Bugs"