2018-08-13 20:29:01 2018-10-10 20:11:21

Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL