High severity8.8NVD Advisory· Published May 5, 2022· Updated Jun 17, 2026
CVE-2022-29938
CVE-2022-29938
Description
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- LibreHealth/LibreHealth EHRdescription
- Range: =2.0.0
Patches
Vulnerability mechanics
References
3- nitroteam.kz/index.phpnvdExploitThird Party Advisory
- github.com/LibreHealthIO/lh-ehr/tagsnvdThird Party Advisory
- gitlab.com/librehealth/ehr/lh-ehr/-/tagsnvdThird Party Advisory
News mentions
0No linked articles in our index yet.