open-emr/openemr (OpenEMR) vulnerabilities
216 known vulnerabilities affecting open-emr/openemr.
Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2
Vulnerabilities
Page 4 of 11
CVE-2026-33301 | P3 | HIGH | CVSS 8.1 | CWE-116 | fixed in 8.0.0.2 | 2026-03-19
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read vulnerability was identified in the PDF creation function wh
Source: NVD
CVE-2026-33302 | P3 | HIGH | CVSS 8.1 | CWE-863 | fixed in 8.0.0.2 | 2026-03-19
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence of any "allow" (user or group). It never checks for explicit "deny" (allowed=0). As a result, administrators cannot revoke access by setting a user or gr
Source: NVD
CVE-2018-15147 | P3 | HIGH | CVSS 8.8 | CWE-89 | affected: ≤ 5.0.1.3 | 2018-08-15
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.
Source: NVD
CVE-2021-32101 | P3 | HIGH | CVSS 8.2 | CWE-732 | affected: 5.0.2.1 | 2021-05-07
The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. The attacker can then manipulate and read data of every registered patient.
Source: NVD
CVE-2023-54347 | P3 | HIGH | CVSS 7.5 | CWE-307 | affected: 7.0.1 | 2026-05-05
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restricti
Source: NVD
CVE-2026-33321 | P3 | HIGH | CVSS 7.6 | CWE-918 | fixed in 8.0.0.2 | 2026-03-19
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified
Source: NVD
CVE-2020-13569 | P3 | HIGH | CVSS 8.8 | CWE-352 | affected: OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce) | 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.
Source: NVD
CVE-2018-10573 | P3 | HIGH | CVSS 8.8 | fixed in 5.0.1 | 2018-04-30
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
Source: NVD
CVE-2023-22973 | P3 | HIGH | CVSS 8.8 | CWE-22 | fixed in 7.0.0 | 2023-02-22
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Source: NVD
CVE-2021-32102 | P3 | HIGH | CVSS 8.8 | CWE-89 | affected: 5.0.2.1 | 2021-05-07
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
Source: NVD
CVE-2021-32104 | P3 | HIGH | CVSS 8.8 | CWE-89 | affected: 5.0.2.1 | 2021-05-07
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
Source: NVD
CVE-2019-3963 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | affected: 5.0.1 and earlier | 2019-08-20
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
Source: NVD
CVE-2019-3964 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | affected: 5.0.1 and earlier | 2019-08-20
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
Source: NVD
CVE-2019-17197 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | affected: ≤ 5.0.2 | 2019-10-05
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
Source: NVD
CVE-2019-16404 | P3 | HIGH | CVSS 8.8 | CWE-89 | affected: ≥ 5.0.1, ≤ 5.0.2 | 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
Source: NVD
CVE-2022-4506 | P3 | HIGH | CVSS 8.8 | CWE-434 | fixed in 7.0.0.2 | 2022-12-15
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Source: NVD
CVE-2023-2943 | P3 | HIGH | CVSS 8.8 | CWE-94 | fixed in 7.0.1 | 2023-05-27
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Source: NVD
CVE-2026-25146 | P3 | HIGH | CVSS 8.1 | CWE-200 | affected: ≥ 5.0.2, < 8.0.0 | 2026-03-03
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment g
Source: NVD
CVE-2026-34053 | P3 | HIGH | CVSS 8.1 | CWE-862 | fixed in 8.0.0.3 | 2026-03-26
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens
Source: NVD
CVE-2023-22974 | P3 | HIGH | CVSS 7.5 | CWE-552 | fixed in 7.0.0 | 2023-02-22
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
Source: NVD