Summaryinfo

A vulnerability was found in OpenEMR and classified as problematic. Affected by this vulnerability is the function Save of the file library/FeeSheet.class.php. Executing a manipulation can lead to authorization. This vulnerability appears as CVE-2026-32120. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in OpenEMR. It has been declared as problematic. This vulnerability affects the function save of the file library/FeeSheet.class.php. The manipulation with an unknown input leads to a authorization vulnerability. The CWE definition for the vulnerability is CWE-639. The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. As an impact it is known to affect integrity. CVE summarizes:

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated user with fee sheet ACL access to delete, modify, or read `drug_sales` records belonging to arbitrary patients by manipulating the hidden `prod[][sale_id]` form field. The `save()` method uses the user-supplied `sale_id` in five SQL queries (SELECT, UPDATE, DELETE) without verifying that the record belongs to the current patient and encounter. Version 8.0.0.3 contains a patch.

The advisory is available at github.com. This vulnerability was named CVE-2026-32120 since 03/10/2026. The exploitation appears to be easy. The attack can be initiated remotely. Technical details are known, but there is no available exploit.

By approaching the search of inurl:library/FeeSheet.class.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 8.0.0.3 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch c5b4dd8caf2af70617cc58d39188621ed90543dc is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Business Process Management Software

Name

• OpenEMR

Version

• 2.8.1
• 2.8.2
• 3.1.0
• 3.2
• 3.2.0
• 4.0.0
• 4.1.0
• 4.1.1
• 5.0.0
• 5.0.0 Patch 1
• 5.0.1
• 5.0.1-6
• 5.0.1-dev
• 5.0.1.1
• 5.0.1.3
• 5.0.1.4
• 5.0.2
• 5.0.2.1
• 5.0.2.4
• 5.0.2.5
• 6.0.0
• 6.0.0-dev
• 6.0.0.0
• 6.0.0.2
• 6.0.0.4
• 6.1.0
• 6.1.0.1
• 7.0.0
• 7.0.0.1
• 7.0.0.2
• 7.0.1
• 7.0.2
• 7.0.2.1
• 7.0.3
• 7.0.3.1
• 7.0.3.4
• 7.0.4
• 7.3.0
• 8.0.0
• 8.0.0.1
• 8.0.0.2

License

• open-source

Website

• Product: https://github.com/openemr/openemr/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion