PT-2026-21981 · Openemr · Openemr

Chrissub08

·

Publicado

2026-02-25

·

Atualizado

2026-02-27

·

CVE-2026-25746

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0
Description OpenEMR is an electronic health records and medical practice management application. Insufficient input validation in the prescription listing functionality allows authenticated attackers to exploit a SQL injection. The vulnerability is present in the prescription functionality.
Recommendations Update to version 8.0.0 or later.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-25746
GHSA-78R7-G65P-GPW3

Produtos afetados

Openemr