CVE-2019-14529
CRITICALOpenEMR < 5.0.2 - SQL Injection via eye_mag/save.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-14529. PoCs published by Wezery.
AI-analyzed exploit summary Technical analysis of CVE-2019-14529, detailing SQL injection vulnerabilities in OpenEMR's 'save.php' file due to unfiltered 'encounter' and 'zone' variables in DELETE queries. Includes affected versions, patch references, and impact assessment.
Description
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
Exploits (1)
nomisec
WRITEUP
by Wezery · poc
https://github.com/Wezery/CVE-2019-14529
Technical analysis of CVE-2019-14529, detailing SQL injection vulnerabilities in OpenEMR's 'save.php' file due to unfiltered 'encounter' and 'zone' variables in DELETE queries. Includes affected versions, patch references, and impact assessment.
Classification
Writeup 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
OpenEMR <5.0.2
Auth required
Prerequisites:
Authorized user access to OpenEMR interface
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (2)
Core 2
Core References
Product x_refsource_misc
https://github.com/openemr/openemr/pull/2592
Third Party Advisory x_refsource_misc
https://github.com/Wezery/CVE-2019-14529
Scores
CVSS v3
9.8
EPSS
0.2809
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
open-emr/openemr
< 5.0.2
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026