CVE-2024-26476 Information

Description

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.

Reference

https://github.com/mpdf/mpdf/issues/867 https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md