OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.Referenceshttps://www.open-emr.org/wiki/index.php/Securing_OpenEMRhttps://github.com/allenenosh/CVE-2021-40352http://packetstormsecurity.com/files/164011/OpenEMR-6.0.0-Insecure-Direct-Object-Reference.html
