OpenEMR, a free and open source electronic health records application, contains a broken access control vulnerability in versions prior to 7.0.4. The vulnerability exists in the Profile Edit endpoint where authenticated users can modify request parameters (pubpid/pid) to reference and alter other users' records. This allows unauthorized modification of profile data including names and contact information, potentially enabling account takeover attacks. The issue has been resolved in version 7.0.4 with appropriate access controls implemented.