CVE-2020-29143

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 5.0.2.5

Description: A SQL injection issue allows a remote authenticated attacker to execute arbitrary SQL commands. The issue is related to the form code parameter in the interface/reports/non reported.php file.

Recommendations: For versions prior to 5.0.2.5, update to version 5.0.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the interface/reports/non reported.php file to minimize the risk of exploitation. Avoid using the form code parameter in the affected file until the issue is resolved.