Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
OpenEMR versions before 8.0.0.3 allow hackers to access sensitive data
CVE-2026-33917
Summary
OpenEMR's free electronic health records system has a security flaw that could allow an attacker with a login to access sensitive information. This issue allows hackers to access data they shouldn't have. Update to version 8.0.0.3 or later to fix the problem.
Original title
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form ...
Original description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.
nvd CVSS3.1
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 26 Mar 2026 · Updated: 26 Mar 2026 · First seen: 26 Mar 2026