"Multiple Vulnerabilities Found In Healthcare Software OpenEMR"

Researchers at Sonar have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management.  The researchers stated that a combination of these vulnerabilities allows remote attackers to execute arbitrary system commands on any OpenEMR server and to steal sensitive patient data.  In the worst case, adversaries can compromise the entire critical infrastructure.  The researchers noted that Sonar's static application security testing (SAST) engine discovered that two of these three vulnerabilities combined could lead to unauthenticated remote code execution (RCE).  The researchers stated that an attacker can use the reflected XSS, upload a PHP file and then use the path traversal via the Local File Inclusion to execute the PHP file.  It takes a few tries to figure out the appropriate Unix timestamp but eventually leads to remote code execution.  The researchers noted that as for the third vulnerability, it allowed attackers to configure OpenEMR in a certain way in order to eventually steal user data.  The researchers noted that if OpenEMR is set up correctly, an unauthenticated attacker can read files like certificates, passwords, tokens, and backups from an OpenEMR instance via a rogue MySQL server.  The researchers reported all issues to the OpenEMR maintainers on October 24, 2022, who then released a patch to version 7.0.0, fixing all three vulnerabilities seven days later.

Infosecurity reports: "Multiple Vulnerabilities Found In Healthcare Software OpenEMR"