What is CVE-2017-12064?

CVE-2017-12064 is a high-severity vulnerability in Open-emr Openemr, classified under Improper Encoding or Escaping of Output. CVSS score: 7.5/10. Published 2017-08-01.

How severe is CVE-2017-12064?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Open-emr Openemr

CVE-2017-12064

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.

EPSS: 0.006 (69.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Open-emr Openemr — versions 5.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2017-12064?: CVE-2017-12064 is a high-severity vulnerability in Open-emr Openemr, classified under Improper Encoding or Escaping of Output. CVSS score: 7.5/10. Published 2017-08-01.
How severe is CVE-2017-12064?: High severity. CVSS v3 base score is 7.5 out of 10.