Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an authenticated attacker to execute arbitrary SQL commands by manipulating the HTTP parameter keys rather than the values. Version 8.0.0.3 contains a patch.
AnalysisAI
A Blind SQL Injection vulnerability exists in OpenEMR's Patient Search functionality that allows authenticated attackers to execute arbitrary SQL commands by manipulating HTTP parameter keys instead of values. OpenEMR versions prior to 8.0.0.3 are affected. With a CVSS score of 8.1 (High), this vulnerability enables high confidentiality and integrity impact, allowing attackers to extract sensitive patient health records and potentially modify database contents, though exploitation requires low-privileged authentication.
Technical ContextAI
This vulnerability affects OpenEMR, an open-source electronic health records (EHR) and medical practice management application written in PHP. The affected component is the Patient Search functionality located in /interface/new/new_search_popup.php. The vulnerability is classified as CWE-89 (SQL Injection) and represents a blind SQL injection attack where the attacker manipulates HTTP parameter keys rather than parameter values—an unusual attack vector that bypasses typical input validation focused on parameter values. The CPE identifier cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:* confirms this affects the OpenEMR application across multiple versions. Blind SQL injection allows attackers to infer database content through boolean-based or time-based queries even when error messages are not displayed.
RemediationAI
Upgrade OpenEMR to version 8.0.0.3 or later, which contains a patch for this vulnerability as documented in commit c61887aa7c83e83b3282db05246f1c00de3aa21d available at https://github.com/openemr/openemr/commit/c61887aa7c83e83b3282db05246f1c00de3aa21d. Review the complete security advisory at https://github.com/openemr/openemr/security/advisories/GHSA-2r7h-xm8v-m872 for additional context. Until patching is completed, organizations should implement defense-in-depth measures including restricting access to the Patient Search functionality to only essential users, monitoring database query logs for anomalous SQL patterns, implementing web application firewall (WAF) rules to detect SQL injection attempts in parameter keys, and conducting audit reviews of user accounts with access to the affected functionality. Given the sensitive nature of healthcare data, prioritize this upgrade and ensure comprehensive logging is enabled to detect any potential exploitation attempts.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C
Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection thro
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today