openemr

Default Creds

admin:pass

Interesting Paths

# version check
/admin.php

# db information
/gacl/setup.php

# register page
/portal/account/register.php

# db creds
/sql/defaults.sql
/sites/default/sqlconf.php

Enable patient portal

Note: most exploit db require this

Logged in > Administration > Globals > Portal > Enable Version 2 Onsite Patient Portal

RCE (authenticated)

v5.0.1.x

https://www.exploit-db.com/exploits/45161

multiple SQLi

v5.0.1.3

https://www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdf
PreviousopendocmanNextopensmtpd

Last updated