2022-05-05 11:40:35
mitre
PUBLISHED
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interfacebillingnew_payment.php via interfacebillingpayment_master.inc.php leads to SQL injection.