Unrated severityNVD Advisory· Published Oct 21, 2019· Updated Aug 5, 2024
CVE-2019-16404
CVE-2019-16404
Description
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenEMR/OpenEMRdescription
Patches
Vulnerability mechanics
References
1- github.com/lodestone-security/CVEs/blob/master/CVE-2019-16404/README.mdmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.