Security Alert Fixes

Outdated issues from a long time ago.

Place to record and track OpenEMR security alerts and their fixes (in chronological order from earlier to later):

The first two items likely still exist. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The last 2 items will are fixed in most recent 4.1.1 patch and dev version.

The first item is same as the arbitrary file upload vulnerability item reported above and has been fixed in most recent 4.1.1 patch and dev version.
The second item likely still exists. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The third item is fixed in most recent 4.1.1 patch and dev version.
The fourth item likely still exists. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The fifth item is fixed in most recent 4.1.1 patch and dev version.
The sixth item is fixed in most recent 4.1.1 patch and dev version.
The seventh item is fixed in most recent 4.1.1 patch and dev version.
The eighth item is fixed in most recent 4.1.1 patch and dev version.

TODO:

Systematically go through the https://web.nvd.nist.gov/view/vuln/search site to ensure all vulnerabilities have been addressed.

Navigation menu