openemr
Default Creds
admin:passInteresting Paths
# version check
/admin.php
# db information
/gacl/setup.php
# register page
/portal/account/register.php
# db creds
/sql/defaults.sql
/sites/default/sqlconf.phpEnable patient portal
Note: most exploit db require this
Logged in > Administration > Globals > Portal > Enable Version 2 Onsite Patient Portal
RCE (authenticated)
v5.0.1.x
https://www.exploit-db.com/exploits/45161multiple SQLi
v5.0.1.3
https://www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdfLast updated
Was this helpful?