mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-27 09:10:39 +01:00
831 B
831 B
CVE-2015-4453
Description
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.