ID de Prueba:	1.3.6.1.4.1.25623.1.0.805345
Categoría:	Web application abuses
Título:	OpenEMR 'validateUser.php' SQLi Vulnerability - Active Check
Resumen:	OpenEMR is prone to an SQL injection (SQLi) vulnerability.
Descripción:	Summary: OpenEMR is prone to an SQL injection (SQLi) vulnerability. Vulnerability Insight: Flaw is due to the validateUser.php script not properly sanitizing user-supplied input to the 'u' parameter. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: OpenEMR version 4.1.0 and possibly earlier. Solution: Update to version 4.1.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2115 BugTraq ID: 51247 http://www.securityfocus.com/bid/51247 Bugtraq: 20120103 SQL Injection Vulnerability in OpenEMR 4.1.0 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html http://www.exploit-db.com/exploits/18274 http://seclists.org/fulldisclosure/2012/Jan/27 http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/ http://www.openwall.com/lists/oss-security/2012/04/17/1 http://www.openwall.com/lists/oss-security/2012/04/18/7 http://www.osvdb.org/78132 XForce ISS Database: openemr-validateuser-sql-injection(71983) https://exchange.xforce.ibmcloud.com/vulnerabilities/71983
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.