CVE-2020-29142

Published: Feb 15, 2021
Updated: Apr 14, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-29142" target="_blank" rel="noopener"> CVE-2020-29142
Severity: High
Exploit:

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.