A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-emr openemr |