LeakyCreds

CVE-2023-54347 - Vulnerability Analysis

High | CVSS: 7.5

Last Updated: May 5, 2026

OpenEMR - Authentication Bypass

Published: May 5, 2026 | Updated: May 5, 2026 | PoC Available | Remote Exploitable

Overview

OpenEMR 7.0.1 contains a broken authentication vulnerability caused by lack of effective rate limiting on the main login endpoint, letting attackers bypass account lockout and perform brute force attacks.

Severity & Score

Severity: High
CVSS Score: 7.5

Impact

Attackers can bypass rate limiting to perform brute force attacks, potentially leading to unauthorized access.

Mitigation

Update to the latest version with effective rate limiting and account lockout protections.

Details

CVE ID: CVE-2023-54347
Severity: High
CVSS Score: 7.5
Type: broken_authentication
Status: confirmed

CWE

  • CWE-307

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N