8 matches found
CVE-2026-24908
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
EUVD-2026-8703
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
CVE-2026-24908 OpenEMR has SQL Injection in Patient API Sort Parameter
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
CVE-2026-24908 OpenEMR has SQL Injection in Patient API Sort Parameter
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
CVE-2026-24908
OpenEMR vulnerability CVE-2026-24908: Prior to v8.0.0, an SQL injection flaw in the Patient REST API endpoint allows authenticated API users to inject arbitrary SQL via the _sort parameter. This can lead to database access and exposure of PHI and credentials. A fix is available in v8.0.0. No expl...
CVE-2026-24908
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
PT-2026-21974
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw exists in the Patient REST API endpoint where an authenticated user with API access can execute arbitrary S...
CVE-2026-1146 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scripting
A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/apiregisterpatient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The...