SQL Injection in Open-emr Openemr
CVE-2014-5462
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) f…
Vulnerability class: SQL Injection
EPSS: 0.001 (18.6th percentile)
Affected products
- Open-emr Openemr
- N/a — versions n/a
Weakness classification (CWE)
References
- 20141205 CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)