Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2026/03/26 12:0 a.m.131 views

📄 OpenEMR 8.0.0.2 SQL Injection

OpenEMR versions prior to 8.0.0.3 contain a remote SQL injection vulnerability in the new search popup that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the new search popup functionality. CVE-2026-29187 - SQL Injection Vulnerabilit...

8.8CVSS5.9AI score0.00473EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/03/25 10:24 p.m.1 views

CVE-2026-29187 OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...

8.1CVSS6.2AI score0.00473EPSS
Exploits3References3
CVE
CVE
added 2026/03/25 10:24 p.m.15 views

CVE-2026-29187

OpenEMR has an authenticated blind boolean-based SQL injection vulnerability in the Patient Search feature (/interface/new/new_search_popup.php) present before version 8.0.0.3. The flaw allows an attacker to influence SQL logic by manipulating HTTP parameter keys, enabling arbitrary SQL commands....

8.8CVSS6.2AI score0.00473EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2026/03/25 10:24 p.m.5 views

CVE-2026-29187 OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...

8.1CVSS6.2AI score0.00473EPSS
Exploits3References5
Rows per page
Query Builder