CVE-2021-40352 PoC — OpenEMR 日志信息泄露漏洞

Source

https://github.com/allenenosh/CVE-2021-40352

Associated Vulnerability

Title:OpenEMR 日志信息泄露漏洞 (CVE-2021-40352)
Description:OpenEMR是OpenEMR（Openemr）社区的一套开源的医疗管理系统。该系统可用于医疗实践管理、电子医疗记录、处方书写和医疗帐单申请。 OpenEMR 6.0.0存在安全漏洞，该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Readme

# CVE-2021-40352
Opnemr Version 6.0.0 
Has a security vulnerability where an attacker who has Physician Access can read messages with were sent to others members including admin messages

the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16"

changing the "noteid=" to any other number will reveal the messages of everyone 

Discovered by Allen Enosh Upputori , September 2021 .


CVE issued 31/08/2021

Check the CVE listed here : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40352.

File Snapshot


 [4.0K]  /data/pocs/a557e8e22385921511fb870f1ef0f2e3e62b1d5d
├── [101K]  5.png
├── [ 19K]  6.png
├── [1.0K]  LICENSE
└── [ 527]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!