CRITICAL🇵🇱 Wersja polska

CVE-2026-24908

CVSS 9.9v3.1pub. 2026-02-25upd. 2026-02-27

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the `_sort` parameter. This could potentially lead to database access, PHI (Protected Health Information) exposure, and credential compromise. The issue occurs when user-supplied sort field names are used in ORDER BY clauses without proper validation or identifier escaping. Version 8.0.0 fixes the issue.

🤖 AI Analysis
How it works

The vulnerability results from a lack of validation and escaping of identifiers for sort field names supplied by the user in the `_sort` parameter. The value of this parameter is directly injected into the ORDER BY clause of the SQL query without proper sanitization. An attacker with access to the API can manipulate database query logic and read or modify data stored in the database.

Impact

An attacker can gain unauthorized access to the application database, including protected patient medical data (PHI) and system user credentials. Depending on the database configuration, it is also possible to compromise data integrity or availability.

Mitigation & patch

OpenEMR should be updated to version 8.0.0, which contains a patch eliminating the described vulnerability. The patch is also available in the project repository at the address indicated in the references (commit 943e23cad6e979f87cdf168807fce2a7b32dd194).

Who is affected

OpenEMR in all versions prior to 8.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Open Emr Openemr

    APP
    Open-Emr
    < 8.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-32238CRITICAL9.1PL ✓ten sam produkt

Command Injection w funkcji backup OpenEMR (wersje przed 8.0.0.2)

CVE-2026-25146CRITICAL9.6PL ✓ten sam produkt

OpenEMR: Wyciek klucza API bramki płatności do klienta w plaintext

CVE-2026-24898CRITICAL10.0PL ✓ten sam produkt

OpenEMR: ujawnienie tokenów API MedEx bez uwierzytelnienia (Auth Bypass)

CVE-2026-24849CRITICAL9.9PL ✓ten sam produkt

OpenEMR: path traversal umożliwia odczyt dowolnych plików przez uwierzytelnionego użytkownika

CVE-2024-22611CRITICAL9.8PL ✓ten sam produkt

SQL Injection w OpenEMR 7.0.2 — krytyczna podatność w module aptecznym