CVE-2022-29938

Published May 5th, 2022

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.

LibreHealthIO/lh-ehr

LibreHealth EHR - Free Open Source Electronic Health Records

GitHub

296