OpenEMR Blind SQL Injection Vulnerability in Patient Search (CVE-2026-29187)
OpenEMR versions prior to 8.0.0.3 are susceptible to a blind SQL injection vulnerability in the Patient Search functionality, allowing authenticated attackers to execute arbitrary SQL commands by manipulating HTTP parameter keys.
OpenEMR, a widely used open-source electronic health records and medical practice management application, has a critical security flaw. Specifically, versions prior to 8.0.0.3 contain a blind SQL injection vulnerability affecting the Patient Search functionality located at /interface/new/new_search_popup.php. Authenticated attackers can exploit this vulnerability, identified as CVE-2026-29187, by manipulating HTTP parameter keys during patient searches. Successful exploitation allows…
Detection coverage: 2
Detect OpenEMR SQL Injection Attempt via Parameter Key Manipulation
Severity: high. Detects potential SQL injection attempts in OpenEMR by monitoring for suspicious characters or keywords in the parameter keys of requests to the Patient Search functionality.
Detect OpenEMR SQL Injection Attempt via URL Encoding
Severity: high. Detects SQL injection attempts in OpenEMR Patient Search functionality via URL encoded characters in the query string.
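The two detections above can be approximated over web server access logs. The following is an added example, not OpenEMR code and not the platform's rule: it assumes combined-format logs that record the query string, and an allowlist of plain identifier keys (an assumption to tune per deployment). The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

ENDPOINT = "/interface/new/new_search_popup.php"  # path named in the advisory
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Assumption: legitimate keys are plain identifiers, optionally with [index] suffixes.
SAFE_KEY = re.compile(r"[A-Za-z0-9_]+(?:\[[A-Za-z0-9_]*\])*")

def decode_fully(text, rounds=3):
    """Undo nested URL encoding (e.g. %2527 -> %27 -> ') up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_keys(target):
    """Return decoded parameter keys that fall outside the allowlist."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return []
    hits = []
    # Split on raw '&' and '=' first so encoded separators stay inside the key.
    for pair in filter(None, parts.query.split("&")):
        key = decode_fully(pair.split("=", 1)[0])
        if not SAFE_KEY.fullmatch(key):
            hits.append(key)
    return hits

def scan(lines):
    """Return (client_ip, [bad keys]) for each log line that should alert."""
    alerts = []
    for line in lines:
        match = REQUEST.search(line)
        keys = suspicious_keys(match.group(1)) if match else []
        if keys:
            alerts.append((line.split()[0], keys))
    return alerts

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /interface/new/new_search_popup.php?fname=Ann&lname=Lee HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2026:10:00:05 +0000] "GET /interface/new/new_search_popup.php?lname%27%20OR%20%271=x&fname=Ann HTTP/1.1" 200 498',
    '192.0.2.45 - - [01/Jan/2026:10:00:09 +0000] "GET /interface/new/new_search_popup.php?fname%2527=x HTTP/1.1" 200 498',
    '192.0.2.46 - - [01/Jan/2026:10:00:12 +0000] "GET /index.php?a%27b=1 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for ip, keys in scan(SAMPLE):
        print(ip, keys)
```

Parameter keys sent in a POST body do not appear in access logs, so the same key check would need to run where request bodies are visible, such as a WAF or reverse proxy.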