Vulnerabilities

CVE-2026-23627 - OpenEMR has SQL Injection in Immunization Search/Report

2026-02-25 0 views admin

CVE ID : CVE-2026-23627 Published : Feb. 25, 2026, 5:39 p.m. | 1 hour, 15 minutes ago Description : OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI exfiltration, credential theft, and potential remote code execution. The vulnerability exists because user-supplied `patient_id` values are directly concatenated into SQL WHERE clauses without parameterization or escaping. Version 8.0.0 patches the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-23627

Published

Feb. 25, 2026

Impact: SQL injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-23627

CVE-2026-23627 - OpenEMR has SQL Injection in Immunization Search/Report

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-20126 - Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

CVE-2026-20127 - Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

CVE-2026-20133 - Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

CVE-2026-20129 - Cisco Catayst SD-WAN Authentication Bypass Vulnerability

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting