CVE-2026-29187 in OpenEMRinformation

Résumé (Anglaise)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an authenticated attacker to execute arbitrary SQL commands by manipulating the HTTP parameter keys rather than the values. Version 8.0.0.3 contains a patch.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

GitHub_M

Réserver

04/03/2026

Divulgation

26/03/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
353517OpenEMR Patient Search new_search_popup.php injection SQL89Non définiCorrectif officielCVE-2026-29187

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!