Vulnerability Description
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Emr | Openemr | < 8.0.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/openemr/openemr/commit/4d48821d18e4125508d8217c43b09233c7f7e1Patch
- https://github.com/openemr/openemr/releases/tag/v8_0_0_3Product
- https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8ExploitVendor Advisory
- https://github.com/openemr/openemr/security/advisories/GHSA-r6xq-mfwf-wgq8ExploitVendor Advisory
FAQ
What is CVE-2026-33917?
CVE-2026-33917 is a vulnerability with a CVSS score of 8.8 (HIGH). OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form tha...
How severe is CVE-2026-33917?
CVE-2026-33917 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-33917?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Emr Openemr.