CVE-2020-29142

Publication date

2021-02-15 20:00:31

Family

mitre

State

PUBLISHED

Description

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.