CVE-2026-32126

OpenEMR prior to version 8.0.0.1 contains an inverted boolean condition in ControllerRouter::route() that enforces the admin/super ACL check only for controllers with their own internal authorization (e.g., review, log). As a result, all other CDR controllers (alerts, ajax, edit, add, detail, bro...

CVE-2026-32126 OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

CVE-2026-32126 OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

CVE-2026-32126 OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

CVE-2019-17197

OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinicalrules.php that affects library/patient.inc...

CVE-2019-17197

OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinicalrules.php that affects library/patient.inc...