CVE-2018-1000650

Name of the Vulnerable Software and Affected Versions LibreHealthIO lh-ehr version REL-2.0.0

Description The issue concerns a SQL Injection vulnerability in the Show Groups Popup SQL query functions. This can allow an attacker to perform malicious database queries. The attack is exploitable via user-controlled parameters, such as username or other input fields, although specific parameters are not mentioned.

Recommendations For LibreHealthIO lh-ehr version REL-2.0.0, consider restricting access to the Show Groups Popup SQL query functions until a patch is available. As a temporary workaround, avoid using user-controlled input in the affected SQL query functions to minimize the risk of exploitation.