
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulne…

Published: 25 March 2026 at 23:00:00

Alert date: 26 March 2026 at 17:02:46

Source: nvd.nist.gov

Enterprise Applications, Web Technologies

OpenEMR, a free and open source electronic health records and medical practice management application, contains a SQL injection vulnerability in versions prior to 8.0.0.3. The vulnerability is in the ajax_save page of the CAMOS form and stems from insufficient input validation. An authenticated user can exploit it to potentially execute malicious SQL queries against the database. The vulnerability has been patched in version 8.0.0.3 of OpenEMR.

Technical details

Mitigation steps:

Affected products:

OpenEMR

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.
