3 matches found
CVE-2013-4619
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 start or 2 end parameter to interface/reports/customreportrange.php, or the 3 formnewid parameter to custom/charttracker.php...
CVE-2013-4619
OpenEMR 4.1.1 (patch-12 and earlier) is affected by SQL injection in authenticated areas: (1) interface/reports/custom_report_range.php via start/end, and (2) custom/chart_tracker.php via form_newid. Root cause is insufficient input sanitization, allowing arbitrary SQL execution by authenticated ...
OpenEMR 4.1.1 patch-12 Cross Site Scripting / SQL Injection
Trustwave SpiderLabs Security Advisory TWSL2013-018: Multiple Vulnerabilities in OpenEMR Published: 07/12/13 Version: 1.0 Vendor: OEMR www.open-emr.org Product: OpenEMR Version affected: 4.1.1 patch-12 and prior Product description: OpenEMR is an ONC-ATB Ambulatory EHR 2011-2012 certified...