SQL Injection Vulnerability in Philips Healthcare Tasy EMR
CVE-2021-39375
8.8HIGH
Key Information:
- Vendor
Philips
- Vendor
- CVE Published:
- 24 August 2021
What is CVE-2021-39375?
A SQL injection vulnerability exists in the Philips Healthcare Tasy Electronic Medical Record (EMR) version 3.06. This vulnerability is introduced through the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter, allowing attackers to manipulate SQL queries. Exploiting this flaw could potentially enable unauthorized access to sensitive data stored in the EMR system, posing serious risks to patient privacy and data integrity.