CVE-2024-37734

2024-06-2600:00:00

mitre

github.com

openemr 7.0.2

privilege escalation

crafted post request

AI Score

7.2

Confidence

High

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*"
    ],
    "vendor": "openemr",
    "product": "openemr",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]