EIP-2026-119679
PRE-CVEOpenMRS 2.3 (1.11.4) - Expression Language Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-119679. PoCs published by LiquidWorm.
AI-analyzed exploit summary This advisory details an Expression Language (EL) injection vulnerability in OpenMRS, where the 'personType' parameter in 'addPerson.htm' is not properly sanitized, allowing remote code execution by authenticated users. The document includes technical details, affected versions, and vendor fixes.
Description
OpenMRS 2.3 (1.11.4) - Expression Language Injection
Exploits (1)
This advisory details an Expression Language (EL) injection vulnerability in OpenMRS, where the 'personType' parameter in 'addPerson.htm' is not properly sanitized, allowing remote code execution by authenticated users. The document includes technical details, affected versions, and vendor fixes.