I have found several vulnerabilities in open-source system LibreHealth EHR 2.0.0. More precisely 1 SQL-injection (CVE-2022-29938) and 2 Cross-site scripting (XSS) (CVE-2022-29939, CVE-2022-29940) vulnerabilities.
Tag: SQL-injection
CVE-2021-34187. Unauthenticated SQL injection in Chamilo LMS 1.11.x and (dev version of) 2.0
Lack of sanitization of GET-parameters searchField, filters, filters2 in /main/inc/ajax/model.ajax.php leads to the multiple unauthorized SQL injections in Chamilo LMS 1.11.x and (dev version of) 2.0
CVE-2020-29143. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/non_reported.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29142. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/usergroup/usergroup_admin.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29140. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/immunization_report.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29139. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in library/patient.inc leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).