CVE-2018-15151
OpenEMR contains a SQL injection vulnerability in interfaces/de_identification_forms/find_code_popup.php prior to 5.0.1.4. An authenticated user can exploit the 'search_term' parameter to execute arbitrary SQL commands, with impact rated as partial confidentiality, integrity, and availability; re...