{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29187", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-04T14:44:00.714Z", "datePublished": "2026-03-25T22:24:24.204Z", "dateUpdated": "2026-03-26T19:52:12.052Z"}, "containers": {"cna": {"title": "OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/openemr/openemr/security/advisories/GHSA-2r7h-xm8v-m872", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-2r7h-xm8v-m872"}, {"name": "https://github.com/openemr/openemr/commit/c61887aa7c83e83b3282db05246f1c00de3aa21d", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/commit/c61887aa7c83e83b3282db05246f1c00de3aa21d"}, {"name": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "tags": ["x_refsource_MISC"], "url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3"}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"version": "< 8.0.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T22:42:24.268Z"}, "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an authenticated attacker to execute arbitrary SQL commands by manipulating the HTTP parameter keys rather than the values. Version 8.0.0.3 contains a patch."}], "source": {"advisory": "GHSA-2r7h-xm8v-m872", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T19:35:54.855534Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T19:52:12.052Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php", "source": {"advisory": "GHSA-2r7h-xm8v-m872", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openemr", "product": "openemr", "versions": [{"status": "affected", "version": "< 8.0.0.3"}]}], "references": [{"url": "https://github.com/openemr/openemr/security/advisories/GHSA-2r7h-xm8v-m872", "name": "https://github.com/openemr/openemr/security/advisories/GHSA-2r7h-xm8v-m872", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openemr/openemr/commit/c61887aa7c83e83b3282db05246f1c00de3aa21d", "name": "https://github.com/openemr/openemr/commit/c61887aa7c83e83b3282db05246f1c00de3aa21d", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "name": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an authenticated attacker to execute arbitrary SQL commands by manipulating the HTTP parameter keys rather than the values. Version 8.0.0.3 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-25T22:42:24.268Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T19:35:54.855534Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-26T19:51:03.913Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-29187", "state": "PUBLISHED", "dateUpdated": "2026-03-25T22:42:24.268Z", "dateReserved": "2026-03-04T14:44:00.714Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-25T22:24:24.204Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3E098AF-42A1-4798-85A7-80052F19F809", "versionEndExcluding": "8.0.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an authenticated attacker to execute arbitrary SQL commands by manipulating the HTTP parameter keys rather than the values. Version 8.0.0.3 contains a patch."}], "id": "CVE-2026-29187", "lastModified": "2026-03-26T16:19:59.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T23:17:09.340", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openemr/openemr/commit/c61887aa7c83e83b3282db05246f1c00de3aa21d"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/openemr/openemr/releases/tag/v8_0_0_3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/openemr/openemr/security/advisories/GHSA-2r7h-xm8v-m872"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.0.0.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openemr", "source": "cna", "vendor": "openemr"}, "product": "openemr", "vendor": "openemr"}], "analysis": {"en": {"generated_at": "2026-03-26T01:58:11.497950+00:00", "value": {"mitigation_remediation": ["Apply the OpenEMR 8.0.0.3 patch or any later release that addresses the issue."], "summary": {"action": "Immediate Patch", "impact": "Authenticated Blind SQL Injection allowing arbitrary database command execution"}, "threat_synthesis": {"affected_systems": "OpenEMR installations using a version older than 8.0.0.3 are vulnerable. The affected product is the OpenEMR electronic health records and medical practice management application, which is distributed under the openemr company name.", "description_and_impact": "The vulnerability is a blind Boolean-based SQL injection that affects the Patient Search functionality in OpenEMR. An authenticated user can manipulate HTTP request parameter keys in the /interface/new/new_search_popup.php endpoint to inject arbitrary SQL statements. This gives the attacker the ability to read, modify, or delete data in the OpenEMR database, compromising the confidentiality, integrity, and availability of patient records.", "risk_and_exploitability": "The base CVSS score of 8.1 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is a remote web request performed by an authenticated user, and because the injection is blind, exploitation requires multiple requests to infer Boolean conditions. If an attacker can automate these requests, the vulnerability can be exploited to execute any SQL command in the context of the authenticated session."}}}}, "created": "2026-03-26T11:31:22.546639+00:00", "updated": "2026-03-26T12:09:25.756188+00:00", "vendors": ["openemr", "openemr$PRODUCT$openemr"]}