2 matches found
CVE-2020-29142
A SQL injection vulnerability in interface/usergroup/usergroupadmin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedulefacility parameter when restrictuserfacility=on is in global settings...
CVE-2020-29142
OpenEMR contains a SQL injection in interface/usergroup/usergroup_admin.php (CVE-2020-29142). The flaw allows a remote, authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when global setting restrict_user_facility is on, affecting OpenEMR versions before ...