Description
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
Exploits (1)
References (10)
Core 10
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/17/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/18/7
Various Sources x_refsource_misc
http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/78132
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71983
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18274
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51247
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Jan/27
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html
Third Party Advisory x_refsource_confirm
http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
Scores
EPSS
0.0019
EPSS Percentile
40.7%
Details
CWE
CWE-89
Status
published
Products (4)
open-emr/openemr
3.1.0
open-emr/openemr
3.2.0
open-emr/openemr
4.0.0
open-emr/openemr
< 4.1.0
Published
Sep 09, 2012
Tracked Since
Feb 18, 2026