PT-2019-9406 · Openemr · Openemr
Published 2019-05-17 · Updated 2019-05-20
CVE-2018-17181
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenEMR versions prior to 5.0.1 Patch 7
Description
SQL injection is present in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Recommendations
For versions prior to 5.0.1 Patch 7, update to version 5.0.1 Patch 7 or later to resolve the issue. As a temporary workaround, consider restricting access to the /portal/lib/paylib.php and /portal/lib/appsql.class.php files until a patch is applied. Avoid using the SaveAudit and portalAudit functions in the affected API endpoints until the issue is resolved.
Fix
SQL injection
Affected Products
Openemr