CVE-2026-33914

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

CVE-2026-33914

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

OpenEMR SQL注入漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 had a SQL injection...

CVE-2026-33914

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

CVE-2026-33914

OpenEMR (prior to 8.0.0.3) contains a blind SQL injection in the PostCalendar categoriesUpdate function. The malsicious code uses the dels POST parameter, which is read via pnVarCleanFromInput() (HTML tags stripped only) and directly interpolated into a raw SQL DELETE statement executed by Doctri...

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

EUVD-2004-1781

Malware in sbrugna...

EUVD-2002-0731

Malware in sbrugna...

CVE-2004-1787

SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries...

CVE-2004-1787

CVE-2004-1787 affects PostCalendar 4.0.0 . The vulnerability is a SQL injection in search queries that allows remote attackers to execute arbitrary SQL commands. Root cause, as stated, is unvalidated/unsafely composed input in the search parameter leading to injection. The impact is described as ...

CVE-2004-1787

SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries...

CVE-2002-0739

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page...

CVE-2002-0739

CVE-2002-0739 describes a cross-site scripting vulnerability in PostCalendar 3.02. The issue allows remote attackers to inject arbitrary HTML and scripts and to harvest cookies by modifying a calendar entry on the preview page. The NVD entry lists a base score of 7.5 (HIGH) with network attack ve...

CVE-2002-0739

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page...

Vulnerability in PostCalendar

Overview -------- PostCalendar is an add-on for the popular PostNuke content management system. It provides a calender that lets users add events to. Problem ------- A user can add an event with unchecked HTML tags in. This includes the script tag which allows an attacker to steal cookies, redire...