CVE-2018-17179

CRITICAL

OpenEMR < 5.0.1.7 - SQL Injection via taskman.php

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-17179. PoCs published by CyberQuestor-infosec, including Metasploit module auxiliary/sqli/openemr/openemr_sqli_dump.

AI-analyzed exploit summary This repository contains a Python-based exploit for CVE-2018-17179, an authenticated remote code execution vulnerability in OpenEMR. The exploit leverages a flaw in the authentication mechanism of the `rest_routes.php` endpoint to execute arbitrary commands on the server.

Description

An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.

Exploits (2)

nomisec WORKING POC 1 stars

by CyberQuestor-infosec · poc

https://github.com/CyberQuestor-infosec/CVE-2018-17179-OpenEMR

View Code ZIP pw:eip

This repository contains a Python-based exploit for CVE-2018-17179, an authenticated remote code execution vulnerability in OpenEMR. The exploit leverages a flaw in the authentication mechanism of the `rest_routes.php` endpoint to execute arbitrary commands on the server.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenEMR 5.0.1

Auth required

Prerequisites: Valid admin credentials · Access to the vulnerable `rest_routes.php` endpoint

MITRE ATT&CK

T1210 - Exploitation of Remote Services T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in OpenEMR 5.0.1 Patch 6 and lower to dump the entire database contents (excluding log and task tables) into CSV files. It uses a blind SQLi technique with `updatexml` for data extraction.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: OpenEMR <= 5.0.1 Patch 6

No auth needed

Prerequisites: Network access to the OpenEMR web interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/openemr/openemr/commit/3e22d11c7175c1ebbf3d862545ce6fee18f70617

View Patch ZIP pw:eip

Patch, Vendor Advisory x_refsource_misc

https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29

Scores

CVSS v3 9.8

EPSS 0.1195

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

open-emr/openemr < 5.0.1.7

Published May 17, 2019

Tracked Since Feb 18, 2026