Description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.
Published: 2026-03-25
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Compromise
Action: Patch
AI Analysis

Impact

The vulnerability is caused by insufficient input validation in the ajax_save endpoint of the CAMOS form, allowing an authenticated attacker to inject arbitrary SQL statements. Based on the description, it is inferred that the injected SQL could read, modify, or delete database records, potentially exposing and altering protected health information.

Affected Systems

All installations of OpenEMR older than version 8.0.0.3 are affected. The vulnerability exists in the core application and impacts any environment running those versions.

Risk and Exploitability

The CVSS base score of 8.8 indicates high severity, while the EPSS score of less than 1% suggests that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Because authentication is required, the attack surface is limited to users who already hold valid credentials within the system.

Generated by OpenCVE AI on March 26, 2026 at 17:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenEMR to version 8.0.0.3 or later to apply the fixed input validation logic.

Tracking


Advisories

No advisories yet.

History

Thu, 26 Mar 2026 16:30:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Open-emr; Open-emr openemr
Type: CPEs
  Values Removed: (none)
  Values Added: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Removed: (none)
  Values Added: Open-emr; Open-emr openemr

Thu, 26 Mar 2026 15:15:00 +0000

Type: Metrics
  Values Removed: (none)
  Values Added: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Openemr; Openemr openemr
Type: Vendors & Products
  Values Removed: (none)
  Values Added: Openemr; Openemr openemr

Wed, 25 Mar 2026 23:45:00 +0000

Type: Description
  Values Removed: (none)
  Values Added: OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.
Type: Title
  Values Removed: (none)
  Values Added: OpenEMR has SQL Injection in CAMOS Form
Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-89
Type: References
  Values Removed: (none)
  Values Added: (none listed)
Type: Metrics
  Values Removed: (none)
  Values Added: cvssV3_1
    {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T14:24:11.718Z

Reserved: 2026-03-24T15:41:47.492Z

Link: CVE-2026-33917

Vulnrichment

Updated: 2026-03-26T14:24:02.217Z

NVD

Status: Analyzed

Published: 2026-03-26T00:16:39.470

Modified: 2026-03-26T16:26:36.493

Link: CVE-2026-33917

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:29:22Z

Weaknesses