📦 OpenEMR

by OpenEMR

🔍 What is OpenEMR?

OpenEMR is a free and open-source electronic health records (EHR) and medical practice management application.

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-24898

CRITICAL CVSS 10.0 Mar 3, 2026

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx callback endpoint. Any unauthenticated visitor can obtain the practice's MedEx API tokens, leading ...

CVE-2026-24908

CRITICAL CVSS 9.9 Feb 25, 2026

OpenEMR versions before 8.0.0 contain an SQL injection vulnerability in the Patient REST API endpoint that allows authenticated users with API access to execute arbitrary SQL queries through the _sort...

CVE-2026-24849

CRITICAL CVSS 9.9 Feb 25, 2026

CVE-2026-24849 is an arbitrary file read vulnerability in OpenEMR's EtherFaxActions.php. Any authenticated user, regardless of privilege level, can exploit this to read sensitive files from the server...

CVE-2024-22611

CRITICAL CVSS 9.8 Apr 3, 2025

CVE-2024-22611 is a critical SQL injection vulnerability in OpenEMR that allows attackers to execute arbitrary SQL commands through pharmacy-related components. This affects OpenEMR 7.0.2 installation...

CVE-2024-37734

CRITICAL CVSS 9.8 Jun 26, 2024

CVE-2024-37734 is a privilege escalation vulnerability in OpenEMR 7.0.2 that allows remote attackers to gain elevated privileges by sending a specially crafted POST request with a manipulated noteid p...

CVE-2020-13567

CRITICAL CVSS 9.8 Apr 18, 2022

CVE-2020-13567 is a critical SQL injection vulnerability in phpGACL 3.3.7 (the access-control library bundled with OpenEMR) that allows attackers to execute arbitrary SQL commands via specially crafted HTTP requests. This affects all systems running ...

CVE-2026-25746

HIGH CVSS 8.8 Feb 25, 2026

OpenEMR versions before 8.0.0 contain a SQL injection vulnerability in the prescription listing functionality that allows authenticated attackers to execute arbitrary SQL commands. This could lead to ...

CVE-2026-25476

HIGH CVSS 7.5 Feb 25, 2026

OpenEMR versions before 8.0.0 have a session expiration bypass vulnerability. Sending the request parameter skip_timeout_reset=1 prevents the session timeout check from running, allowing stolen session ...

CVE-2026-23627

HIGH CVSS 8.8 Feb 25, 2026

An SQL injection vulnerability in OpenEMR's Immunization module allows authenticated users to execute arbitrary SQL queries by manipulating patient_id parameters. This affects all OpenEMR installation...
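
The two SQL injection entries above, the `_sort` parameter of the Patient REST API and the `patient_id` parameter of the Immunization module, are the two shapes this bug takes: an injected value and an injected identifier. The Python/sqlite3 example below is added here to show both side by side, with the vulnerable query builder next to a hardened one; it is not OpenEMR code, and its table names, columns, rows and the blind-inference payload are constructed for the demonstration.

```python
import sqlite3

# Constructed demo schema and rows; they stand in for a patient table and a
# user table and are not OpenEMR's real schema.
_PATIENTS = [(1, "Ada", "Lovelace"), (2, "Grace", "Hopper"), (3, "Linus", "Pauling")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient_data (pid INTEGER PRIMARY KEY, fname TEXT, lname TEXT)")
    conn.executemany("INSERT INTO patient_data VALUES (?, ?, ?)", _PATIENTS)
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hashed-secret')")
    return conn


def list_patients_vulnerable(conn, patient_id, sort):
    """Both the value (patient_id) and the identifier (sort) are spliced into the SQL text."""
    sql = f"SELECT pid, fname, lname FROM patient_data WHERE pid = {patient_id} ORDER BY {sort}"
    return conn.execute(sql).fetchall()


def first_char_oracle(conn, guess):
    """Blind inference through the sort parameter alone: the row order reveals whether the
    admin password hash starts with `guess` (a single character). The tautology in
    patient_id is only there to get more than one row back."""
    payload = ("(CASE WHEN (SELECT substr(password,1,1) FROM users WHERE username='admin') = "
               f"'{guess}' THEN fname ELSE lname END)")
    rows = list_patients_vulnerable(conn, "1 OR 1=1", payload)
    # fname order puts Ada (pid 1) first; lname order puts Hopper (pid 2) first.
    return rows[0][0] == 1


ALLOWED_SORT_FIELDS = {"pid", "fname", "lname"}


def build_order_by(sort):
    """Map a client-supplied _sort value onto a fixed ORDER BY clause.
    Identifiers cannot be bound as query parameters, so they must be allow-listed."""
    clauses = []
    for token in sort.split(","):
        token = token.strip()
        direction = "ASC"
        if token.startswith("-"):
            direction, token = "DESC", token[1:]
        if token not in ALLOWED_SORT_FIELDS:
            raise ValueError(f"unsupported sort field: {token!r}")
        clauses.append(f"{token} {direction}")
    return ", ".join(clauses)


def list_patients_hardened(conn, patient_id, sort):
    pid = int(patient_id)            # value: coerce to the expected type, then bind
    order_by = build_order_by(sort)  # identifier: allow-list, never interpolate raw input
    sql = f"SELECT pid, fname, lname FROM patient_data WHERE pid = ? ORDER BY {order_by}"
    return conn.execute(sql, (pid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("tautology in patient_id:", list_patients_vulnerable(db, "1 OR 1=1", "pid"))
    print("first char of admin hash is 'h'?", first_char_oracle(db, "h"))
    print("hardened:", list_patients_hardened(db, "2", "-lname"))
```

The hardened builder treats the two inputs differently on purpose: the value is bound as a parameter, while the sort column, which no driver can bind, is mapped through an allow-list before it touches the query. The oracle function is there to show why an ORDER BY injection is not a harmless nuisance: with no error message and no data returned from the injected subquery, the order of the rows alone leaks a byte of a neighbouring table per request.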

CVE-2026-24890

HIGH CVSS 8.1 Feb 25, 2026

OpenEMR patient portal users can forge provider signatures by exploiting an authorization bypass in the signature upload endpoint. This affects all OpenEMR installations prior to version 8.0.0 where p...

CVE-2026-25131

HIGH CVSS 8.8 Feb 25, 2026

OpenEMR versions before 8.0.0 contain a broken access control vulnerability that allows low-privilege users (like Receptionist role) to add and modify medical procedure types without proper authorizat...

CVE-2025-67752

HIGH CVSS 8.1 Feb 25, 2026

OpenEMR versions before 7.0.4 ship with SSL/TLS certificate verification disabled by default in the application's HTTP client, leaving every outbound HTTPS connection open to man-in-the-middle attacks. This exposes Protect...

CVE-2025-69231

HIGH CVSS 8.7 Feb 25, 2026

A stored cross-site scripting vulnerability in OpenEMR's GAD-7 anxiety assessment form allows authenticated clinicians to inject malicious JavaScript. When other users view the form, the script execut...

CVE-2025-67645

HIGH CVSS 8.8 Jan 28, 2026

OpenEMR versions before 7.0.4 have a broken access control vulnerability in the Profile Edit endpoint. Authenticated normal users can modify request parameters to reference other users' records, allow...

CVE-2013-10044

HIGH CVSS 8.8 Aug 1, 2025

This CVE describes a critical vulnerability chain in OpenEMR where an authenticated attacker can perform SQL injection to steal administrator credentials, escalate privileges, then exploit an unrestri...

CVE-2025-32794

HIGH CVSS 7.6 May 23, 2025

OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patient creation privileges can inject malicious JavaScript into patient name fields. This code executes ...

CVE-2025-43860

HIGH CVSS 7.6 May 23, 2025

OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patient editing privileges can inject malicious JavaScript into address fields. This allows attackers to ...

CVE-2025-31117

HIGH CVSS 7.5 Mar 31, 2025

This Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability in OpenEMR allows attackers to force the server to make unauthorized requests to external or internal resources. Attackers can exp...

CVE-2025-29789

HIGH CVSS 7.5 Mar 25, 2025

OpenEMR versions before 7.3.0 contain a directory traversal vulnerability in the Load Code feature that allows attackers to read arbitrary files on the server. This affects all OpenEMR installations r...

CVE-2023-2950

HIGH CVSS 8.1 May 28, 2023

CVE-2023-2950 is an improper authorization vulnerability in OpenEMR that allows authenticated users to access administrative functions without proper permissions. This affects all OpenEMR installation...

CVE-2023-2946

HIGH CVSS 8.1 May 27, 2023

CVE-2023-2946 is an improper access control vulnerability in OpenEMR that allows unauthorized users to access sensitive patient data and administrative functions. This affects all OpenEMR installation...

CVE-2023-2943

HIGH CVSS 8.8 May 27, 2023

CVE-2023-2943 is a code injection vulnerability in OpenEMR that allows attackers to execute arbitrary code on affected systems. This affects OpenEMR installations prior to version 7.0.1. Healthcare or...

CVE-2023-22973

HIGH CVSS 8.8 Feb 22, 2023

This CVE describes a Local File Inclusion vulnerability in OpenEMR's interface/forms/LBF/new.php file that allows authenticated remote attackers to execute arbitrary code by manipulating the formname ...

CVE-2022-2824

HIGH CVSS 8.8 Aug 15, 2022

This vulnerability allows attackers to bypass authorization controls in OpenEMR by manipulating user-controlled keys, potentially accessing unauthorized data or functions. It affects all OpenEMR insta...

CVE-2022-2493

HIGH CVSS 8.1 Jul 22, 2022

This vulnerability allows unauthorized data access by bypassing expected data manager component restrictions in OpenEMR. Attackers can access sensitive patient data they shouldn't have permission to v...

CVE-2022-1459

HIGH CVSS 8.3 Apr 25, 2022

This vulnerability allows non-privileged users to view patient disclosure information in OpenEMR, violating patient privacy and confidentiality. It affects OpenEMR installations prior to version 6.1.0...

CVE-2022-25471

HIGH CVSS 8.1 Mar 3, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows authenticated attackers to access and modify unauthorized system areas via crafted POST requests to the installer regis...

CVE-2021-25923

HIGH CVSS 8.1 Jun 24, 2021

OpenEMR versions 5.0.0 to 6.0.0.1 have weak password requirements: no maximum password length is enforced, and only the first 72 characters of a password are significant. This allows attackers who know the first 72 characters of a victim's password to perform a...

CVE-2021-32101

HIGH CVSS 8.2 May 7, 2021

CVE-2021-32101 is an incorrect access control vulnerability in OpenEMR's Patient Portal that allows unauthenticated attackers to register accounts and bypass permission checks. This enables attackers ...

CVE-2021-32104

HIGH CVSS 8.8 May 7, 2021

This SQL injection vulnerability in OpenEMR's eye examination form interface allows authenticated users to execute arbitrary SQL commands on the database. It affects OpenEMR installations running vers...

CVE-2020-13566

HIGH CVSS 8.8 Apr 13, 2021

This CVE describes a SQL injection vulnerability in phpGACL 3.3.7 (the access-control library bundled with OpenEMR) that allows attackers to execute arbitrary SQL commands via specially crafted HTTP requests. The vulnerability exists in the admin/edi...

CVE-2026-27943

MEDIUM CVSS 6.5 Feb 26, 2026

OpenEMR versions up to 8.0.0 contain an authorization bypass vulnerability in the eye exam module. Authenticated users can access or modify any patient's eye exam data by manipulating form IDs, potent...

CVE-2026-25929

MEDIUM CVSS 6.5 Feb 25, 2026

This vulnerability in OpenEMR allows authenticated users who hold document-access rights to bypass authorization checks and view other patients' photos by manipulating patient or document IDs. It affects...

CVE-2026-24487

MEDIUM CVSS 6.5 Feb 25, 2026

OpenEMR versions before 8.0.0 have an authorization bypass vulnerability in the FHIR CareTeam endpoint that allows patient-scoped tokens to access care team data for all patients instead of just the a...
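
The CareTeam entry above is the common FHIR mistake of checking that a token carries a CareTeam read scope without also pinning the search to the patient the token was issued for. The Python example below is an added illustration and not OpenEMR's API code: it uses the SMART on FHIR scope names patient/CareTeam.read and user/CareTeam.read and a token's patient launch context, against three constructed CareTeam resources.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Constructed CareTeam resources standing in for a FHIR server's store (not real OpenEMR data).
CARE_TEAMS = [
    {"resourceType": "CareTeam", "id": "ct-1", "subject": {"reference": "Patient/p-100"}},
    {"resourceType": "CareTeam", "id": "ct-2", "subject": {"reference": "Patient/p-200"}},
    {"resourceType": "CareTeam", "id": "ct-3", "subject": {"reference": "Patient/p-100"}},
]


class Forbidden(Exception):
    pass


@dataclass
class AccessToken:
    scopes: Set[str]
    patient: Optional[str] = None  # SMART launch context: the patient a patient/* token is bound to


def _by_patient(patient_id):
    return [r for r in CARE_TEAMS if r["subject"]["reference"] == f"Patient/{patient_id}"]


def search_careteam_vulnerable(token, patient_param=None):
    """Checks only that *a* CareTeam read scope is present. The token's patient context is
    ignored, so the client-supplied filter (or its absence) decides what comes back."""
    if not token.scopes & {"patient/CareTeam.read", "user/CareTeam.read"}:
        raise Forbidden("missing CareTeam.read scope")
    return _by_patient(patient_param) if patient_param else list(CARE_TEAMS)


def search_careteam_hardened(token, patient_param=None):
    """Derives the allowed subject from the token, never from the request."""
    if "user/CareTeam.read" in token.scopes:
        # User-level scope is not patient-bound; a real server applies the user's ACL here.
        return _by_patient(patient_param) if patient_param else list(CARE_TEAMS)
    if "patient/CareTeam.read" not in token.scopes:
        raise Forbidden("missing CareTeam.read scope")
    if not token.patient:
        raise Forbidden("patient-scoped token without patient context")
    if patient_param and patient_param != token.patient:
        # A filter that disagrees with the token is an attempt to widen access: reject, never widen.
        raise Forbidden("patient filter does not match token context")
    return _by_patient(token.patient)


if __name__ == "__main__":
    tok = AccessToken(scopes={"patient/CareTeam.read"}, patient="p-100")
    print("vulnerable, no filter:", [r["id"] for r in search_careteam_vulnerable(tok)])
    print("hardened,   no filter:", [r["id"] for r in search_careteam_hardened(tok)])
```

The hardened search makes three decisions the vulnerable one does not: the subject comes from the token's patient context, a client filter that disagrees with that context is an error rather than a hint, and a patient-scoped token with no patient context at all is refused instead of being treated as unrestricted.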

CVE-2026-25220

MEDIUM CVSS 6.5 Feb 25, 2026

This vulnerability in OpenEMR allows any authenticated user to view all internal messages in the Message Center by accessing messages.php?show_all=yes. The application fails to verify administrative p...
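
Several entries on this page name a request parameter that should not appear in legitimate traffic at all, or only from administrators: skip_timeout_reset=1 (the session expiration bypass), messages.php?show_all=yes (the Message Center entry above), and a _sort value containing SQL syntax (the Patient REST API injection). The Python script below is an added example of turning those into access-log detections; it is not part of OpenEMR or of this page, the log lines are constructed in Apache combined format, and the URL paths in them are illustrative rather than a statement of where these endpoints live.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache combined-log-format lines, constructed for this example; the paths are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Feb/2026:10:00:01 +0000] "GET /interface/main/tabs/main.php?skip_timeout_reset=1 HTTP/1.1" 200 512
203.0.113.7 - - [25/Feb/2026:10:00:09 +0000] "GET /interface/main/messages/messages.php?show_all=yes HTTP/1.1" 200 9120
198.51.100.4 - - [25/Feb/2026:10:01:15 +0000] "GET /apis/default/api/patient?_sort=lname,(SELECT+1) HTTP/1.1" 200 2048
192.0.2.10 - - [25/Feb/2026:10:02:00 +0000] "GET /interface/main/messages/messages.php?form_active=1 HTTP/1.1" 200 3311
192.0.2.10 - - [25/Feb/2026:10:02:30 +0000] "GET /apis/default/api/patient?_sort=-lname HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Characters that have no business in a column name: quotes, parentheses, comment
# markers, statement separators, whitespace.
SQL_META = re.compile(r"""[;'"()]|--|/\*|\s""")


def classify(target):
    """Return the indicator names matched by one request target (path plus query string).
    Rules key on parameter names (and the messages.php basename), not on full paths."""
    parts = urlsplit(target)
    basename = parts.path.rsplit("/", 1)[-1]
    qs = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    if qs.get("skip_timeout_reset") == ["1"]:
        hits.append("session-timeout-bypass-param")
    if basename == "messages.php" and qs.get("show_all") == ["yes"]:
        hits.append("message-center-show-all")
    if any(SQL_META.search(v) for v in qs.get("_sort", [])):
        hits.append("rest-sort-sql-metachar")
    return hits


def scan(lines):
    """Parse combined-format lines and return (client_ip, target, indicators) for each hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format (or a truncated line): skip rather than guess
        hits = classify(m["target"])
        if hits:
            findings.append((m["ip"], m["target"], hits))
    return findings


if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG.splitlines()):
        print(f"{ip:<14} {', '.join(hits):<32} {target}")
```

Two caveats when deploying this. A parameter sent in a POST body never reaches the access log, so the skip_timeout_reset rule needs application-level request logging (or a WAF) to be complete. And show_all=yes is legitimate from an administrator, so that rule is a triage signal to join against the authenticated user, not an alert on its own.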

CVE-2026-24847

MEDIUM CVSS 6.1 Feb 25, 2026

OpenEMR versions before 8.0.0 contain an open redirect vulnerability in the Eye Exam form module that allows authenticated users to be redirected to arbitrary external URLs. This enables phishing atta...
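
Open redirects like the Eye Exam one above are fixed by validating the target on the server before issuing the redirect, and the validation has to reason about where a browser would actually go rather than pattern-matching the string. The Python function below is an added example of that check, not OpenEMR's code; the origin https://emr.example.org and the default landing path are assumed for the demonstration.

```python
from urllib.parse import urljoin, urlsplit

APP_ORIGIN = "https://emr.example.org"  # assumed deployment origin for this example


def safe_redirect_target(candidate, default="/home"):
    """Return `candidate` reduced to a same-origin relative target, or `default` when it
    would leave the application. Resolving with urljoin first means '//evil.example',
    '\\\\evil.example' and absolute URLs are judged by their resolved origin, not by
    whether they happen to start with a slash."""
    if not candidate:
        return default
    # Browsers treat backslashes in the authority position like forward slashes.
    resolved = urljoin(APP_ORIGIN + "/", candidate.replace("\\", "/"))
    parts = urlsplit(resolved)
    origin = urlsplit(APP_ORIGIN)
    if (parts.scheme, parts.netloc) != (origin.scheme, origin.netloc):
        return default
    # Re-emit only path and query so the value handed to the redirect is relative.
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target


if __name__ == "__main__":
    for c in ["/patient/summary.php?id=5", "//evil.example/phish", "https://evil.example/",
              "\\\\evil.example", "javascript:alert(1)", ""]:
        print(f"{c!r:32} -> {safe_redirect_target(c)}")
```

Resolving against the application's own origin is the point of the design: a denylist of prefixes misses protocol-relative and backslash variants, whereas comparing the resolved (scheme, host) pair to the origin catches all of them with one rule, and returning a relative path means the redirect can never carry an attacker-chosen host even if a later check is bypassed.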

CVE-2026-25124

MEDIUM CVSS 6.5 Feb 25, 2026

OpenEMR versions before 8.0.0 contain an access control vulnerability that allows low-privileged users (like receptionists) to export the entire message list containing sensitive patient and user data...

CVE-2025-67491

MEDIUM CVSS 5.4 Feb 25, 2026

OpenEMR versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the billing interface's ub04 helper. Low-privileged users can inject malicious JavaScript that executes whe...

CVE-2025-54373

MEDIUM CVSS 6.5 Jan 28, 2026

OpenEMR versions before 7.0.4 have an authorization bypass vulnerability where users without high-sensitivity privileges can view and modify clinical notes and care plans marked as high-sensitivity. T...

CVE-2021-47817

MEDIUM CVSS 5.4 Jan 21, 2026

OpenEMR 5.0.2.1 contains a stored cross-site scripting vulnerability in user profile parameters that allows authenticated attackers to inject malicious JavaScript. This can lead to remote command exec...

CVE-2025-31121

MEDIUM CVSS 5.4 Apr 1, 2025

OpenEMR versions before 7.0.3.1 contain a cross-site scripting vulnerability in the Patient Image feature. Attackers can inject malicious scripts via EXIF title metadata in uploaded images, which then...

CVE-2024-0875

MEDIUM CVSS 4.8 Nov 15, 2024

A stored cross-site scripting (XSS) vulnerability in OpenEMR 7.0.1 allows attackers to inject malicious scripts into the Secure Messaging feature's 'inputBody' field. When other users view these messa...