SQL Injection in Open-emr Openemr

CVE-2013-4619

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter…

Vulnerability class: SQL Injection

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Open-emr Openemr — versions 4.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_CONFIRM)
54083 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)