SQL Injection Vulnerability in OpenEMR by OpenEMR
CVE-2019-17197

9.8CRITICAL

Key Information:

Vendor: Open-emr
Status: Openemr
Vendor: CVE Published:; 5 October 2019

What is CVE-2019-17197?

OpenEMR, a widely used open-source electronic medical record (EMR) and practice management solution, is susceptible to an SQL Injection vulnerability found in the Lifestyle demographic filter criteria within the library/clinical_rules.php file. This flaw enables attackers to exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive patient data and affecting the integrity of the system. The vulnerability is particularly critical in a healthcare setting where patient confidentiality and data security are paramount.

References

https://github.com/openemr/openemr/pull/2692

x_refsource_MISC

https://github.com/openemr/openemr/pull/2698/files

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 5, 2019
Vulnerability Reserved
Oct 5, 2019

CVE-2019-17197 Data

JSON

Open-emr

What is CVE-2019-17197?

References

CVSS V3.1

Timeline