Vulnerabilities > Open EMR > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-07 | CVE-2020-36243 | OS Command Injection vulnerability in Open-Emr Openemr 5.0.2.1 The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. | 9.0 |
| 2019-09-16 | CVE-2019-8371 | Code Injection vulnerability in Open-Emr Openemr 5.0.16 OpenEMR v5.0.1-6 allows code execution. | 9.0 |
| 2019-08-20 | CVE-2019-3968 | OS Command Injection vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | 9.0 |
| 2019-08-02 | CVE-2019-14529 | SQL Injection vulnerability in Open-Emr Openemr OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | 9.8 |
| 2018-02-09 | CVE-2018-1000019 | OS Command Injection vulnerability in Open-Emr Openemr 5.0.0 OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. | 9.0 |