OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php.
The vulnerability results from improper validation or lack of parameterization of input data in files Pharmacy.class.php, C_Pharmacy.class.php, and controller.php. An attacker can inject malicious SQL code over the network without requiring any privileges or user interaction. This makes it possible to manipulate queries to the OpenEMR application database.
An attacker can gain unauthorized access to sensitive medical and personal patient data stored in the database, as well as modify or delete this data. Depending on the database configuration, it is also possible to escalate the attack to other infrastructure components.
Apply patches available from the vendor according to the references provided. It is recommended to urgently update the OpenEMR system to a vulnerability-free version and restrict network access to the OpenEMR instance only to trusted users and networks.
OpenEMR version 7.0.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpen Emr Openemr
APPOpen-Emr7.0.2
Related vulnerabilities
Command Injection w funkcji backup OpenEMR (wersje przed 8.0.0.2)
OpenEMR: ujawnienie tokenów API MedEx bez uwierzytelnienia (Auth Bypass)
OpenEMR: Wyciek klucza API bramki płatności do klienta w plaintext
OpenEMR: path traversal umożliwia odczyt dowolnych plików przez uwierzytelnionego użytkownika
SQL Injection w OpenEMR — narażenie danych PHI przez parametr _sort