CVE-2021-32102: SQL Injection
First published: Fri May 07 2021(Updated: )
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-emr Openemr | =5.0.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
- https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431
- https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
- https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal
- https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2021-32102.
Where does the SQL injection vulnerability exist in OpenEMR?
The SQL injection vulnerability exists in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
What is the severity of CVE-2021-32102?
The severity of CVE-2021-32102 is high with a severity value of 8.8.
How can I fix the SQL injection vulnerability in OpenEMR 5.0.2.1?
To fix the SQL injection vulnerability in OpenEMR 5.0.2.1, you should update to a patched version of OpenEMR (e.g., OpenEMR 5.0.2 patch 5).
What is the CWE ID for this SQL injection vulnerability?
The CWE ID for this SQL injection vulnerability is CWE-89.
- collector/nvd-index
- vendor/open-emr
- canonical/open-emr openemr
- version/open-emr openemr/5.0.2.1