CVE-2026-33909
Published
CVSS v3
5.9
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL injection. Version 8.0.0.3 contains a patch.
The most popular open source electronic health records and medical practice management solution.
GitHub