CVE-2026-32120
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2Tags
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated user with fee sheet ACL access to delete, modify, or read `drug_sales` records belonging to arbitrary patients by manipulating the hidden `prod[][sale_id]` form field. The `save()` method uses the user-supplied `sale_id` in five SQL queries (SELECT, UPDATE, DELETE) without verifying that the record belongs to the current patient and encounter. Version 8.0.0.3 contains a patch.
Analysis
An Insecure Direct Object Reference (IDOR) vulnerability exists in OpenEMR versions prior to 8.0.0.3 within the fee sheet product save logic that allows authenticated users with fee sheet ACL permissions to arbitrarily read, modify, or delete drug_sales records belonging to any patient by manipulating the hidden prod[][sale_id] form field. The vulnerability stems from insufficient authorization checks in the FeeSheet.class.php library, where user-supplied sale_id values are used directly in SQL queries without verifying ownership of the record to the current patient and encounter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today