CNNVD-202508-092 Information
CNNVD ID
CNNVD-202508-092
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
OpenEMR是OpenEMR社区的一套开源的医疗管理系统。该系统可用于医疗实践管理、电子医疗记录、处方书写和医疗帐单申请。 OpenEMR 4.1.1 Patch 14版本存在代码问题漏洞,该漏洞源于SQL注入和文件上传缺陷,可能导致远程代码执行。
Description (English)
OpenEMR is an open-source medical management system for the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing applications. OpenEMR 4.1.1 Patch 14 has a code problem loophole, which stems from SQL injections and file upload defects and may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
OpenEMR
Published
2025-08-01
Last Modified
2026-02-24
References
https://www.open-emr.org/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb https://www.exploit-db.com/exploits/28329 https://www.exploit-db.com/exploits/28408 https://github.com/openemr/openemr https://www.vulncheck.com/advisories/openemr-sqli-priv-esc-rce https://access.redhat.com/security/cve/cve-2013-10044
Patch
https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads
Share on: