librehealth CVE Vulnerabilities & CVE List (22)

Products (CPE): — CVEs: 22

librehealth vulnerability overview

Aggregates CVE and security vulnerability intelligence across all librehealth-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk sql injection, vendor risk path handling, vendor risk csrf, and vendor risk input validation and related problems; some flaws may lead to vendor impact data exposure.

Vulnerability distribution trend (last 24 months)

Showing 120 of 22 CVEs
«« First « Prev Page 1 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-31496 LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. [email protected] 8.8 1.88% 2022-06-08 2026-06-17
CVE-2022-31497 LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. [email protected] 6.1 0.85% 2022-06-08 2026-06-17
CVE-2022-31495 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. [email protected] 6.1 0.90% 2022-06-07 2026-06-17
CVE-2022-31494 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. [email protected] 6.1 0.97% 2022-06-06 2026-06-17
CVE-2022-31498 LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. [email protected] 6.1 0.90% 2022-06-06 2026-06-17
CVE-2022-31492 Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. [email protected] 6.1 0.90% 2022-06-06 2026-06-17
CVE-2022-31493 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. [email protected] 6.1 0.90% 2022-06-06 2026-06-17
CVE-2022-29940 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. [email protected] 5.4 0.82% 2022-05-05 2026-06-17
CVE-2022-29939 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. [email protected] 5.4 0.82% 2022-05-05 2026-06-17
CVE-2022-29938 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. [email protected] 8.8 1.39% 2022-05-05 2026-06-17
CVE-2020-23829 interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. [email protected] 8.8 2.53% 2020-09-01 2026-06-16
CVE-2020-11439 LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. [email protected] 8.8 1.96% 2020-07-15 2026-06-16
CVE-2020-11438 LibreHealth EMR v2.0.0 is affected by systemic CSRF. [email protected] 8.8 0.64% 2020-07-15 2026-06-16
CVE-2020-11437 LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. [email protected] 4.3 0.95% 2020-07-15 2026-06-16
CVE-2020-11436 LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. [email protected] 9.0 1.35% 2020-07-15 2026-06-16
CVE-2018-1000839 LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. [email protected] 8.8 3.13% 2018-12-20 2026-06-16
CVE-2018-1000650 LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters. [email protected] 8.8 1.52% 2018-08-20 2026-06-16
CVE-2018-1000649 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input. [email protected] 8.8 2.80% 2018-08-20 2026-06-16
CVE-2018-1000648 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters. [email protected] 8.8 2.80% 2018-08-20 2026-06-16
CVE-2018-1000647 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter. [email protected] 7.1 1.47% 2018-08-20 2026-06-16
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence