Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-40352 PoC — OpenEMR 日志信息泄露漏洞

Source
https://github.com/allenenosh/CVE-2021-40352
Associated Vulnerability
Title:OpenEMR 日志信息泄露漏洞 (CVE-2021-40352)
Description:OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
Readme
# CVE-2021-40352
Opnemr Version 6.0.0 
Has a security vulnerability where an attacker who has Physician Access can read messages with were sent to others members including admin messages

the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16"

changing the "noteid=" to any other number will reveal the messages of everyone 

Discovered by Allen Enosh Upputori , September 2021 .


CVE issued 31/08/2021

Check the CVE listed here : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40352.
File Snapshot

 [4.0K]  /data/pocs/a557e8e22385921511fb870f1ef0f2e3e62b1d5d
├── [101K]  5.png
├── [ 19K]  6.png
├── [1.0K]  LICENSE
└── [ 527]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →