SQL Injection Vulnerability in OpenEMR by OpenEMR
CVE-2018-17181

9.8CRITICAL

Key Information:

Vendor: Open-emr
Status: Openemr
Vendor: CVE Published:; 17 May 2019

What is CVE-2018-17181?

A vulnerability has been identified in OpenEMR prior to version 5.0.1 Patch 7, which allows for SQL Injection. This flaw is present in the SaveAudit function located in /portal/lib/paylib.php as well as in the portalAudit function found in /portal/lib/appsql.class.php. Exploitation of this vulnerability could lead to unauthorized access and manipulation of the database, potentially putting sensitive user data at risk. It is essential to implement the recommended patches to mitigate these risks.

References

https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5...

x_refsource_MISC

https://github.com/openemr/openemr/commit/4963fe4932a0a4e...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Sep 18, 2018

CVE-2018-17181 Data

JSON

Open-emr

What is CVE-2018-17181?

References

CVSS V3.1

Timeline