PT-2026-21828 · Openemr · Openemr
Heshamm1 · Published 2026-02-25 · Updated 2026-03-02
CVE-2026-25131
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenEMR versions prior to 8.0.0
Description
A Broken Access Control issue exists in the OpenEMR order types management system. Low-privilege users, such as Receptionists, can add and modify procedure types without proper authorization. This is due to insufficient access controls in the /openemr/interface/orders/types_edit.php API endpoint. The vulnerability allows unauthorized manipulation of medical procedure types.
Recommendations
Update to version 8.0.0 or later.
Exploit
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Openemr