CVE-2019-17197

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 5.0.3

Description The issue affects the Lifestyle demographic filter criteria in library/clinical rules.php, which is part of the library/patient.inc. This is due to SQL Injection.

Recommendations For OpenEMR versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the library/clinical rules.php file until a patch is available. Avoid using the Lifestyle demographic filter criteria in the affected library/patient.inc until the issue is resolved.