A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the searchFields parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-emr openemr |