SQL Injection Flaw in OpenEMR by OpenEMR
CVE-2013-10044
8.7HIGH
Key Information:
- Vendor
Openemr Foundation
- Status
- Vendor
- CVE Published:
- 1 August 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2013-10044?
An authenticated SQL injection vulnerability allows low-privileged attackers to extract administrator credentials from OpenEMR. This exploit can lead to privilege escalation wherein the attacker gains higher-level access, enabled further by an unrestricted file upload flaw. Consequently, an attacker can perform remote code execution, potentially compromising the entire application and its host system.
Affected Version(s)
OpenEMR * <= 4.1.1 Patch 14
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
xistence