CVE-2012-0991 Scanner
CVE-2012-0991 scanner - Directory Traversal vulnerability in OpenEMR
Short Info
Level: Low
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: URL
Toolbox: -
OpenEMR is a robust and versatile electronic health records (EHR) software that is widely used by healthcare providers worldwide. It is designed to assist healthcare providers in managing their patients’ medical records and workflow processes. OpenEMR is a free and open source health IT solution that offers features such as patient scheduling, demographics, medical billing, clinical decision support, and electronic prescribing.
The CVE-2012-0991 vulnerability is a directory traversal security flaw that was detected in OpenEMR 4.1.0. It is caused by improper input validation and allows remote authenticated users to access arbitrary files by using a ".." (dot dot) in the formname parameter of contrib/acog/print_form.php or several files in interface/patient_file/encounter, including load_form.php, view_form.php, and trend_form.php.
When exploited, this vulnerability could allow an attacker to read sensitive data such as PHI (protected health information) of patients, thereby putting confidential medical records at risk. An attacker could also execute arbitrary code, modify files, or even delete critical system files, leading to a potential breach of the organization’s data and systems.
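Asset owners can look for the request pattern described above in their web server access logs. The following is an added example, not code from this page, OpenEMR or the scanner; it assumes a combined-format access log, and the /openemr install prefix and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts named in the CVE-2012-0991 description on this page.
AFFECTED = (
    "/contrib/acog/print_form.php",
    "/interface/patient_file/encounter/load_form.php",
    "/interface/patient_file/encounter/view_form.php",
    "/interface/patient_file/encounter/trend_form.php",
)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) so '..' cannot hide."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(log_line):
    """True when a request to an affected script carries '..' in formname."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    if not url.path.endswith(AFFECTED):
        return False
    # Only the query string is visible in access logs; POST bodies are not.
    for raw in parse_qs(url.query, keep_blank_values=True).get("formname", []):
        if ".." in re.split(r"[\\/]", fully_decode(raw)):
            return True
    return False

def flag_lines(lines):
    return [line for line in lines if is_traversal_attempt(line)]

# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /openemr/interface/patient_file/encounter/load_form.php?formname=vitals HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /openemr/interface/patient_file/encounter/view_form.php?formname=..%2F..%2Fexample&id=1 HTTP/1.1" 200 90',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /openemr/contrib/acog/print_form.php?formname=%252e%252e%252fexample HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /openemr/index.php?formname=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for line in flag_lines(SAMPLE_LOG):
        print("ALERT:", line)
```

Because the flaw requires an authenticated user, a hit should be correlated with the session or account that made the request.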
At s4e.io, we have a comprehensive suite of pro security features that can help identify and mitigate security risks in your digital assets. Our platform provides automated vulnerability scanning, network discovery, and real-time threat notifications, among other features. By leveraging our platform, you can easily and quickly learn about vulnerabilities in your digital assets and keep your organization’s data and systems secure.