Librehealth Librehealth Ehr — known CVE vulnerabilities
Every CVE whose affected-product data names Librehealth Librehealth Ehr, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2020-11436 — CVSS 9.0 (critical): LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including…
CVE-2018-1000646 — CVSS 8.8 (high): LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result…
CVE-2018-1000648 — CVSS 8.8 (high): LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that…
CVE-2018-1000649 — CVSS 8.8 (high): LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file…
CVE-2018-1000650 — CVSS 8.8 (high): LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in…
CVE-2018-1000839 — CVSS 8.8 (high): LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution…
CVE-2020-23829 — CVSS 8.8 (high): interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote…
CVE-2022-29938 — CVSS 8.8 (high): In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via…
CVE-2020-11439 — CVSS 8.8 (high): LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR…
CVE-2018-1000647 — CVSS 7.1 (high): LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result…
CVE-2018-1000645 — CVSS 6.5 (medium): LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows…
CVE-2022-31492 — CVSS 6.1 (medium): Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVE-2022-29940 — CVSS 5.4 (medium): In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to…
CVE-2022-29939 — CVSS 5.4 (medium): In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to…
CVE-2020-11437 — CVSS 4.3 (medium): LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.