CVE-2026-25746

HIGH

OpenEMR < 8.0.0 - Authenticated SQL Injection in Prescription Listing


Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-25746. PoCs published by XiaomingX, ChrisSub08.

AI-analyzed exploit summary: The repository contains a functional exploit for CVE-2026-25746, demonstrating a SQL injection vulnerability in OpenEMR <8.0.0 via the 'sort' parameter in the prescription listing functionality. The exploit includes a Python script that performs boolean-based SQL injection to extract data from the database.

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in the prescription listing functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in that functionality. Version 8.0.0 fixes the vulnerability.

Exploits (2)

github WORKING POC 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25746


Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: OpenEMR <8.0.0
Auth required
Prerequisites: Authenticated access to OpenEMR · Valid session cookie
devstral-2 · analyzed Feb 27, 2026
nomisec WORKING POC
by ChrisSub08 · poc
https://github.com/ChrisSub08/CVE-2026-25746_SqlInjectionVulnerabilityOpenEMR7.0.4


Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: OpenEMR <8.0.0
Auth required
Prerequisites: Authenticated session with OpenEMR · Access to the prescription listing functionality
devstral-2 · analyzed May 04, 2026

Scores

CVSS v3 8.8
EPSS 0.0310
EPSS Percentile 86.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
open-emr/openemr < 8.0.0
Published Feb 25, 2026
Tracked Since Feb 26, 2026