Vulnerability Information
Vulnerability Title
OpenEMR's payments gateway_api_key secret rendered into client JS code
Vulnerability Description
OpenEMR is a free and open source electronic health records and medical practice management application. In versions from 5.0.2 up to, but not including, 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. Leaking these secret keys could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
OpenEMR Information Disclosure Vulnerability
Vulnerability Description
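OpenEMR is an open-source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing claims. OpenEMR versions from 5.0.2 up to, but not including, 8.0.0 contain an information disclosure vulnerability. The vulnerability arises because at least two paths render the gateway_api_key secret value to the client in plaintext, which may lead to arbitrary money movement or broad account takeover of payment gateway APIs.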
CVSS Information
N/A
Vulnerability Type
N/A