CVE-2018-15146

2018-08-1517:29:00

Google

osv.dev

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter.

References

github.com/openemr/openemr/pull/1757/files

insecurity.sh/reports/openemr.pdf

www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/

www.open-emr.org/wiki/index.php/OpenEMR_Patches