Vulnerability: OpenEMR <=2.8.1 Multiple Remote File Inclusion Vulnerability Risk: High CVE: CVE-2006-5795 关键是CVSS Base Score: 7.5/10 - Exploit range: Remote - Confidentiality impact: Partial Impact Subscore: 6.4/10 - Attack complexity: Low - Integrity impact: Partial Exploitability Subscore: 10/10 - Authentication: No required - Availability impact: Partial Details: Affected software: OpenEMR version <=2.8.1, URL: http://www.open-emr.org Vulnerable file: interface/billing/billing_process.php Vulnerability in passing the parameter without proper verification, allowing the inclusion of arbitrary PHP code from remote or local files. Additional affected files include , , , and . Solution: Sanitize the variable in the affected files. Disable in configuration. Timeline: 2006-11-01: Vulnerability discovered and vendor contacted. 2006-11-07: Public disclosure. Contact: Echo Research & Development Center Email: the_day[at]echo[dot]org[dot]id