SQL Injection Vulnerability in Philips Healthcare Tasy EMR

CVE-2021-39376

Summary

The Tasy Electronic Medical Record (EMR) version 3.06 developed by Philips Healthcare is susceptible to SQL injection attacks. This vulnerability may allow an attacker to exploit specific parameters, such as CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO, to manipulate database queries and gain unauthorized access to sensitive information. It is crucial for users and administrators to apply necessary updates and implement stringent security measures to mitigate the risks associated with this vulnerability.

References