Vulnerabilities > Open EMR > Openemr > 5.0.1.7

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-14530 Path Traversal vulnerability in Open-Emr Openemr
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter.
network
open-emr CWE-22
6.0
6.0
2019-08-02 CVE-2019-14529 SQL Injection vulnerability in Open-Emr Openemr
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
network
low complexity
open-emr CWE-89
critical
 9.8
9.8