CVE-2018-17179

CRITICAL

OpenEMR <5.0.1.7 - SQL Injection

Title source: llm

Description

An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.

Exploits (2)

nomisec WORKING POC 1 stars

by CyberQuestor-infosec · poc

https://github.com/CyberQuestor-infosec/CVE-2018-17179-OpenEMR

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb

View Code ZIP pw:eip

References (2)

[Patch, Third Party Advisory] https://github.com/openemr/openemr/commit/3e22d11c7175c1ebbf3d862545ce6fee18f70617

[Patch, Vendor Advisory] https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29

Scores

CVSS v3 9.8

EPSS 0.1167

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

open-emr/openemr < 5.0.1.7

Published May 17, 2019

Tracked Since Feb 18, 2026