Openemr@* Security Vulnerabilities and Issues — Openemr@* CVE List

Lucene search

Open-emrOpenemr*

4 matches found

CVE•added 2021/02/15 8:15 p.m.•33 views

CVE-2020-29142

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.

7.2CVSS7.7AI score0.00057EPSS

Web

CVE•added 2021/02/15 9:15 p.m.•32 views

CVE-2020-29143

A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

7.2CVSS7.7AI score0.00057EPSS

Web

CVE•added 2021/02/15 9:15 p.m.•29 views

CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.

7.2CVSS7.7AI score0.00057EPSS

Web

CVE•added 2021/02/15 9:15 p.m.•27 views

CVE-2020-29140

A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

7.2CVSS7.7AI score0.00057EPSS

Web