Unrated severityNVD Advisory· Published Dec 17, 2021· Updated Aug 4, 2024
CVE-2021-41843
CVE-2021-41843
Description
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenEMR/OpenEMRdescription
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/165301/OpenEMR-6.0.0-6.1.0-dev-SQL-Injection.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2021/Dec/38mitremailing-listx_refsource_FULLDISC
- trovent.github.io/security-advisories/TRSA-2109-01/TRSA-2109-01.txtmitrex_refsource_MISC
- trovent.io/security-advisory-2109-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.