CVE-2013-10044

HIGH

OpenEMR < 4.1.1 Patch 14 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-10044. PoCs published by xistence, including Metasploit module exploits/unix/webapp/openemr_sqli_privesc_upload.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in OpenEMR 4.1.1 Patch 14 and an arbitrary file upload vulnerability post-authentication. It includes detailed HTTP requests for exploitation.

Description

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.

Exploits (3)

exploitdb WORKING POC VERIFIED

by xistence · textwebappsphp

https://www.exploit-db.com/exploits/28329

View Code ZIP pw:eip

This exploit demonstrates SQL injection vulnerabilities in OpenEMR 4.1.1 Patch 14 and an arbitrary file upload vulnerability post-authentication. It includes detailed HTTP requests for exploitation.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: OpenEMR 4.1.1 Patch 14 and lower

Auth required

Prerequisites: Valid credentials for authentication · Access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by xistence · rubyremotephp

https://www.exploit-db.com/exploits/28408

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in OpenEMR 4.1.1 Patch 14 to retrieve the admin password hash, then uploads a PHP payload for remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenEMR 4.1.1 Patch 14 and lower

Auth required

Prerequisites: Valid non-admin credentials · Network access to the OpenEMR application

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in OpenEMR 4.1.1 Patch 14 to retrieve the admin password hash, then escalates privileges by uploading a malicious PHP file. It demonstrates a full chain from SQLi to RCE.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: OpenEMR 4.1.1 Patch 14 and lower

Auth required

Prerequisites: Valid non-admin credentials · Network access to the OpenEMR instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb

Exploit exploit

https://www.exploit-db.com/exploits/28329

Exploit exploit

https://www.exploit-db.com/exploits/28408

Product product

https://www.open-emr.org/

Product product

https://github.com/openemr/openemr

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/openemr-sqli-priv-esc-rce

Scores

CVSS v3 8.8

EPSS 0.0128

EPSS Percentile 66.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-434 CWE-89

Status published

Products (2)

open-emr/openemr < 4.1.1

OpenEMR Foundation/OpenEMR < 4.1.1 Patch 14

Published Aug 01, 2025

Tracked Since Feb 18, 2026