Vulnerabilities > Open EMR > Openemr > 5.0.1.2

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2020-29143 SQL Injection vulnerability in Open-Emr Openemr
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
network
low complexity
open-emr CWE-89
7.2
7.2
2021-02-15 CVE-2020-29140 SQL Injection vulnerability in Open-Emr Openemr
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
network
low complexity
open-emr CWE-89
7.2
7.2
2021-02-15 CVE-2020-29139 SQL Injection vulnerability in Open-Emr Openemr
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.
network
low complexity
open-emr CWE-89
7.2
7.2
2021-02-15 CVE-2020-29142 SQL Injection vulnerability in Open-Emr Openemr
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
network
low complexity
open-emr CWE-89
7.2
7.2
2019-10-21 CVE-2019-16404 SQL Injection vulnerability in Open-Emr Openemr
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
network
low complexity
open-emr CWE-89
8.8
8.8
2019-10-21 CVE-2019-17409 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-10-21 CVE-2019-16862 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-10-05 CVE-2019-17197 SQL Injection vulnerability in Open-Emr Openemr
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
network
low complexity
open-emr CWE-89
critical
 9.8
9.8
2019-10-04 CVE-2019-17179 Cross-site Scripting vulnerability in Open-Emr Openemr
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
network
low complexity
open-emr CWE-79
6.1
6.1
2019-08-13 CVE-2019-14530 Path Traversal vulnerability in Open-Emr Openemr
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter.
network
low complexity
open-emr CWE-22
8.8
8.8