During an internship at NitroTeam.kz, my students found several vulnerabilities in LibreHealth: Broken Access Control (CVE-2022-31496), Cross-Site Scripting (CVE-2022-31492, CVE-2022-31493, CVE-2022-31494, CVE-2022-31495, CVE-2022-31497, CVE-2022-31498).
Category: PHP
Multiple vulnerabilities in LibreHealth EHR 2.0.0
I have found several vulnerabilities in the open-source system LibreHealth EHR 2.0.0. More precisely, 1 SQL injection (CVE-2022-29938) and 2 cross-site scripting (XSS) (CVE-2022-29939, CVE-2022-29940) vulnerabilities.
CVE-2021-34187. Unauthenticated SQL injection in Chamilo LMS 1.11.x and (dev version of) 2.0
Lack of sanitization of the GET parameters searchField, filters, filters2 in /main/inc/ajax/model.ajax.php leads to multiple unauthorized SQL injections in Chamilo LMS 1.11.x and (dev version of) 2.0.
CVE-2020-29143. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/non_reported.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29142. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/usergroup/usergroup_admin.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29140. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/immunization_report.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29139. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in library/patient.inc leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
A note on Yii2 code generation safe usage
Yii2 is one of the popular PHP frameworks, with a name that is difficult to read. Correct use of frameworks significantly reduces development time and also covers most security issues. But this, of course, does not mean that Yii2 applications are absolutely safe, since there is always a human factor in any system. This short note…
Review of PHP backdoors
Made a report at Open Sysconf’19 about PHP backdoors with my colleague @joe1black. The report considered backdoors of different levels, common and uncommon, with examples. PDF in Russian.