VULHUB ™

OpenEMR存在多个PHP远程文件包含漏洞，当系统启用register_globals时，远程攻击者可通过传给在interface/billing/内的(a)billing_process.php，(b)billing_report.php，(c)billing_report_xml.php和(d)print_billing_report.php； (e)login.php；(f)interface/batchcom/batchcom.php；(g)interface/login/login.php；(h)main_info.php和(i)main.php in interface/main/；(j)interface/new/new_patient_save.php；(k)interface/practice/ins_search.php；(l)interface/logout.php；在interface/reports内的(m)custom_report_range.php，(n)players_report.php和(o)front_receipts_report.php；在interface/usergroup内的(p)facility_admin.php，(q)usergroup_admin.php和(r)user_info.php；或(s)custom/import_xml.php的srcdir参数来执行任意PHP代码。

OpenEMR存在多个PHP远程文件包含漏洞，当系统启用register_globals时，远程攻击者可通过传给在interface/billing/内的(a)billing_process.php，(b)billing_report.php，(c)billing_report_xml.php和(d)print_billing_report.php； (e)login.php；(f)interface/batchcom/batchcom.php；(g)interface/login/login.php；(h)main_info.php和(i)main.php in interface/main/；(j)interface/new/new_patient_save.php；(k)interface/practice/ins_search.php；(l)interface/logout.php；在interface/reports内的(m)custom_report_range.php，(n)players_report.php和(o)front_receipts_report.php；在interface/usergroup内的(p)facility_admin.php，(q)usergroup_admin.php和(r)user_info.php；或(s)custom/import_xml.php的srcdir参数来执行任意PHP代码。