|
Description
|
|
A vulnerability has been discovered in OpenEMR, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed via the "u" GET parameter to interface/login/validateUser.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerability is confirmed in version 4.1.0. Other versions may also be affected.
|
