cvebase

Open-Emr Openemr vulnerabilities

216 known vulnerabilities affecting open-emr/openemr.

Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2

Vulnerabilities

Page 3 of 11
CVE-2025-67645 | P3 | HIGH | CVSS 8.8 | v7.0.3 | 2026-01-28
[HIGH] CWE-284: OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user's record; the server accepts the modified IDs and applies the
Source: nvd
CVE-2026-25131 | P3 | HIGH | CVSS 8.8 | fixed in 8.0.0 | 2026-02-25
[HIGH] CWE-862: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (such as Receptionist) to add and modify procedure types without proper authorization. This vulnerabilit
Source: nvd
CVE-2023-2949 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 7.0.1 | 2023-05-28
[MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Source: nvd
CVE-2020-13562 | P3 | MEDIUM | CVSS 6.1 | v5.0.2 | 2021-02-01
[MEDIUM] CWE-80: A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter.
Source: nvd
CVE-2018-15146 | P3 | HIGH | CVSS 8.8 | ≤ 5.0.1.3 | 2018-08-15
[HIGH] CWE-89: SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Source: nvd
CVE-2018-15148 | P3 | HIGH | CVSS 8.8 | ≤ 5.0.1.3 | 2018-08-15
[HIGH] CWE-89: SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.
Source: nvd
CVE-2018-15151 | P3 | HIGH | CVSS 8.8 | ≤ 5.0.1.3 | 2018-08-15
[HIGH] CWE-89: SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Source: nvd
CVE-2018-15144 | P3 | HIGH | CVSS 8.8 | fixed in 5.0.1.4 | 2018-08-13
[HIGH] CWE-89: SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Source: nvd
CVE-2020-13564 | P3 | MEDIUM | CVSS 6.1 | v5.0.2 | 2021-02-01
[MEDIUM] CWE-80: A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.
Source: nvd
CVE-2020-13563 | P3 | MEDIUM | CVSS 6.1 | v5.0.2 | 2021-02-01
[MEDIUM] CWE-80: A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.
Source: nvd
CVE-2022-1179 | P3 | MEDIUM | CVSS 5.4 | fixed in 6.0.0.4 | 2022-03-30
[MEDIUM] CWE-79: Non-Privileged User Can Create New Rule and Lead to Stored Cross-Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
Source: nvd
CVE-2018-15149 | P3 | HIGH | CVSS 8.8 | ≤ 5.0.1.3 | 2018-08-15
[HIGH] CWE-89: SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.
Source: nvd
CVE-2018-15150 | P3 | HIGH | CVSS 8.8 | ≤ 5.0.1.3 | 2018-08-15
[HIGH] CWE-89: SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.
Source: nvd
CVE-2019-3967 | P3 | MEDIUM | CVSS 6.5 | ≤ 5.0.1 (v5.0.1 and earlier) | 2019-08-20
[MEDIUM] CWE-22: In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.
Source: nvd
CVE-2026-33917 | P3 | HIGH | CVSS 8.8 | fixed in 8.0.0.3 | 2026-03-26
[HIGH] CWE-89: OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Vers
Source: nvd
CVE-2026-25164 | P3 | HIGH | CVSS 8.1 | fixed in 8.0.0 | 2026-02-25
[HIGH] CWE-862: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_check()` for the document and insurance routes. Other patient routes in the same file (e.g. encounters,
Source: nvd
CVE-2020-13566 | P3 | HIGH | CVSS 8.8 | v5.0.2 | 2021-04-13
[HIGH] CWE-89: SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is "Delete", the POST parameter delete_group leads to a SQL injection.
Source: nvd
CVE-2026-33910 | P3 | HIGH | CVSS 8.8 | fixed in 8.0.0.3 | 2026-03-25
[HIGH] CWE-89: OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feat
Source: nvd
CVE-2026-32127 | P3 | HIGH | CVSS 8.8 | fixed in 8.0.0.1 | 2026-03-11
[HIGH] CWE-89: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerabilit
Source: nvd
CVE-2026-33918 | P3 | HIGH | CVSS 8.8 | fixed in 8.0.0.3 | 2026-03-26
[HIGH] CWE-862: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL permissions. This allows any authenticated OpenEMR user
Source: nvd