Open-emr » Openemr : Security Vulnerabilities, CVEs, Published In 2018 (Sql injection)

CVE-2018-15151

SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-08-15
Updated
2018-10-12

CVE-2018-15150

SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-08-15
Updated
2018-10-12

CVE-2018-15149

SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-08-15
Updated
2018-10-12

CVE-2018-15148

SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-08-15
Updated
2018-10-12

CVE-2018-15147

SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-08-15
Updated
2018-10-12

CVE-2018-15146

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-08-15
Updated
2018-10-11

CVE-2018-15145

Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Max CVSS
9.8
EPSS Score
0.18%
Published
2018-08-13
Updated
2018-10-10

CVE-2018-15144

SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.
Max CVSS
8.8
EPSS Score
0.16%
Published
2018-08-13
Updated
2018-10-10

CVE-2018-15143

Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Max CVSS
9.8
EPSS Score
0.18%
Published
2018-08-13
Updated
2018-10-10

CVE-2018-9250

interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.
Max CVSS
8.8
EPSS Score
22.84%
Published
2018-05-18
Updated
2018-06-20
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close