CVE-2024-37734

Name of the Vulnerable Software and Affected Versions OpenEMR version 7.0.2

Description An issue in OpenEMR allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter.

Recommendations For OpenEMR version 7.0.2, as a temporary workaround, consider restricting access to the noteid parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.