What the vulnerability does
01Description
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVSS base score
4.6/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
May 27, 2023
CVE published
January 14, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-1490 Wago: Vulnerability in WBM through Open VPN
CVE-2022-38745 Apache OpenOffice: Empty entry in Java class path
CVE-2025-4022 web-arena-x webarena evaluators.py HTMLContentEvaluator code injection
CVE-2026-45555 Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution
CVE-2026-3584 Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process
