Sherwin Gaddis

CVE-2026-25746 WRITEUP HIGH WRITEUP

OpenEMR < 8.0.0 - Authenticated SQL Injection in Prescription Listing

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.

CVSS 8.8

View Code

CVE-2022-4615 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.2 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 6.1

View Code