Latest Security News about openemr 5 0 2

Contact us to Fix the issue

Authenticated SQL Injection in OpenEMR before 5.0.2.1

Overview : Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter. Affected Product(s) : OpenEMR 5.0.1 OpenEMR 5.0.1.1 OpenEMR 5.0.1.2 OpenEMR 5.0.1.3 OpenEMR 5.0.1.4 OpenEMR 5.0.1.5 OpenEMR 5.0.1.6 OpenEMR 5.0.1.7 OpenEMR 5.0.2 […]