CVE-2026-23627 in OpenEMR情報

要約

〜によって MITRE • 2026年02月25日

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI exfiltration, credential theft, and potential remote code execution. The vulnerability exists because user-supplied `patient_id` values are directly concatenated into SQL WHERE clauses without parameterization or escaping. Version 8.0.0 patches the issue.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub M

予約する

2026年01月14日

公開

2026年02月25日

モデレーション

承諾済み

エントリ

VDB-347840

CPE

準備完了

CWE

CWE-89 (確認済み)

CVSS

8.8 (NVD)

EPSS

0.00010

KEV

いいえ

アクティビティ

非常低い

セクター

Energy, Telecommunication, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-23627
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-23627
CVE Details	https://www.cvedetails.com/cve/CVE-2026-23627/

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!