Researchers found three separate vulnerabilities in OpenEMR, open source software for electronic medical records and practice management.
Sonar's Clean Code experts published an advisory on Wednesday about the flaws, which were discovered by security researcher Dennis Brinkrolf.
“Several code vulnerabilities were discovered in OpenEMR during a security investigation of a popular web application,” Brinkrolf wrote.
“The combination of these vulnerabilities allows remote attackers to execute arbitrary system commands on arbitrary OpenEMR servers and steal sensitive patient data. In the worst case, entire critical infrastructure could be compromised. You may be exposed.”
The security experts explained that the company's static application security testing (SAST) engine found that combining two of these three vulnerabilities could lead to unauthenticated remote code execution (RCE).
"In summary, an attacker can upload PHP files with reflected XSS. [...] Then run the PHP file using path traversal via local file inclusion. It takes a few tries to figure out the proper Unix timestamp, but eventually leads to remote code execution."
The third vulnerability involved a specific OpenEMR configuration and could ultimately allow an attacker to steal user data.
"In other words, if OpenEMR is configured correctly, an unauthenticated attacker can read files such as certificates, passwords, tokens, and backups from your OpenEMR instance via a rogue MySQL server," Brinkrolf explains.
The security researcher added that Sonar reported all the issues to the OpenEMR maintainers on October 24, 2022; they released a patch in version 7.0.0 seven days later, fixing all three vulnerabilities.
"If you are using OpenEMR, we strongly recommend updating to the above fixed version," concludes Sonar's post. "Thanks to the OpenEMR team for their professional and prompt response and patch."
The patched vulnerabilities come almost five years after Project Insecurity researchers discovered more than 20 defects (now fixed) in OpenEMR.