38 Vulnerabilities Found in OpenEMR Medical Software
Briefly

"In the most severe cases, SQL injection vulnerabilities combined with modest database privileges could have led to full database compromise, PHI exfiltration at scale, and remote code execution on the server."
"Two of them are critical SQL injection bugs tracked as CVE-2026-24908 and CVE-2026-23627, which can allow any authenticated attacker to compromise a database, exfiltrate data, steal credentials, and execute arbitrary code."
"Another flaw exposing patient data is CVE-2026-24487, described as an authorization bypass issue."
"CVEdetails has cataloged more than 200 vulnerabilities discovered over the past decade. However, there do not appear to be any public reports confirming in-the-wild exploitation of OpenEMR vulnerabilities."
OpenEMR, an electronic medical records platform used by more than 100,000 healthcare providers, recently had 39 vulnerabilities identified, 38 of which were assigned CVE identifiers. Most stem from missing or incorrect authorization checks; the rest include cross-site scripting (XSS), SQL injection, and session expiration issues. The two critical SQL injection bugs, CVE-2026-24908 and CVE-2026-23627, could allow any authenticated user to compromise the database, exfiltrate patient data, and execute arbitrary code on the server. All of the vulnerabilities have been patched, and there are no public reports of exploitation in the wild.
Read at SecurityWeek