SQL Injection in SaveAudit and portalAudit Functions

SQL Injection in SaveAudit and portalAudit Functions

CVE-2018-17181 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.