Total vulnerabilities in the database
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.
| Software | From | Fixed in |
|---|---|---|
| open-emr / openemr | 2.8.3 | 2.8.3.x |
| open-emr / openemr | 4.0.0 | 4.0.0.x |
| open-emr / openemr | 3.2.0 | 3.2.0.x |
| open-emr / openemr | 4.1.1 | 4.1.1.x |
| open-emr / openemr | 4.2.0 | 4.2.0.x |
| open-emr / openemr | 4.1.0 | 4.1.0.x |
| open-emr / openemr | 4.1.2 | 4.1.2.x |
| open-emr / openemr | 3.0.1 | 3.0.1.x |
| open-emr / openemr | 3.1.0 | 3.1.0.x |
| open-emr / openemr | 2.9.0 | 2.9.0.x |