SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  OpenEMR Calendar Search SQL Injection

Category: WEB-ATTACKS      

An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.


Relevant Information