CVE-2022-29938

CVE-2022-29938

EPSS 1.4%

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/LibreHealthIO/lh-ehr/tags https://gitlab.com/librehealth/ehr/lh-ehr/-/tags https://nitroteam.kz/index.php?action=researches&slug=librehealth_r