OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the backup functionality. Version 8.0.0.2 fixes the issue.
References
| Link | Resource |
|---|---|
| https://github.com/openemr/openemr/commit/7bc7bd077a624e205daed17658de41af6070ef73 | Patch |
| https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86 | Exploit Mitigation Vendor Advisory |
| https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86 | Exploit Mitigation Vendor Advisory |
Configurations
History
20 Mar 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86 - Exploit, Mitigation, Vendor Advisory |
20 Mar 2026, 16:18
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* | |
| First Time |
Open-emr openemr
Open-emr |
|
| References | () https://github.com/openemr/openemr/commit/7bc7bd077a624e205daed17658de41af6070ef73 - Patch | |
| References | () https://github.com/openemr/openemr/security/advisories/GHSA-6pmc-3xm7-pm86 - Exploit, Mitigation, Vendor Advisory |
19 Mar 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-19 20:16
Updated : 2026-03-20 19:16
NVD link : CVE-2026-32238
Mitre link : CVE-2026-32238
CVE.ORG link : CVE-2026-32238
JSON object : View
Products Affected
open-emr
- openemr
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')