Tag
OpenEMR before version 8.0.0.3 is vulnerable to XML External Entity (XXE) injection, allowing an authenticated user with access to the Carecoordination module to upload a crafted CCDA document and read arbitrary files from the server.