CVE-2013-10044

HIGH

OpenEMR < 4.1.1 Patch 14 - SQL Injection

Title source: llm

Description

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by xistence · text · webapps · php
https://www.exploit-db.com/exploits/28329
exploitdb · WORKING POC
by xistence · ruby · remote · php
https://www.exploit-db.com/exploits/28408
metasploit · WORKING POC · EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb

Scores

CVSS v3 8.8
EPSS 0.0426
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-434, CWE-89
Status published

Affected Products (1)

open-emr/openemr < 4.1.1

Timeline

Published Aug 01, 2025
Tracked Since Feb 18, 2026