[] NeoSense
E X P L O I T S
title author type platform port cve id

OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)

Author: Allen Enosh Upputori
type: webapps
platform: php
port: 
date_added: 2021-09-06 
date_updated: 2021-09-06 
verified: 0 
codes: CVE-2021-40352 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
# Date: 31/08/2021
# Exploit Author: Allen Enosh Upputori
# Vendor Homepage: https://www.open-emr.org
# Software Link: https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads
# Version:  6.0.0
# Tested on: Linux
# CVE : CVE-2021-40352

How to Reproduce this Vulnerability:

1. Install Openemr 6.0.0
2. Login as an Physician
3. Open Messages
4. Click Print
5. Change the existing "noteid=" value to another number

This will reveal everybodys messages Incuding Admin only Messages
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.