Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:PHP:OPENEMR-GLOBALS-AB |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
OpenEMR globals.php Authentication Bypass |
Release Date |
2015/10/26 |
Update Number |
2551 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: OpenEMR globals.php Authentication Bypass
This signature detects attempts to exploit a known vulnerability in the OpenEMR globals.php script. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the system.
Extended Description
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.
Affected Products
- Open-emr openemr 2.8.3
- Open-emr openemr 2.9.0
- Open-emr openemr 3.0.1
- Open-emr openemr 3.1.0
- Open-emr openemr 3.2.0
- Open-emr openemr 4.0.0
- Open-emr openemr 4.1.0
- Open-emr openemr 4.1.1
- Open-emr openemr 4.1.2
- Open-emr openemr 4.2.0
References
- CVE: CVE-2015-4453