CVE-2013-10044

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/openemr/openemr	Product
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb	Exploit
https://www.exploit-db.com/exploits/28329	Exploit
https://www.exploit-db.com/exploits/28408	Exploit
https://www.open-emr.org/	Product
https://www.vulncheck.com/advisories/openemr-sqli-priv-esc-rce	Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb	Exploit
https://www.exploit-db.com/exploits/28329	Exploit
https://www.exploit-db.com/exploits/28408	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-01 21:15

Updated : 2025-11-26 14:10

NVD link : CVE-2013-10044

Mitre link : CVE-2013-10044

CVE.ORG link : CVE-2013-10044

JSON object : View

Products Affected

open-emr

openemr

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2013-10044", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-01T21:15:26.030", "references": [{"url": "https://github.com/openemr/openemr", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/28329", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/28408", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.open-emr.org/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/openemr-sqli-priv-esc-rce", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/28329", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/28408", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An authenticated SQL injection vulnerability exists in OpenEMR \u2264 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL autenticada en OpenEMR ? 4.1.1 Parche 14 que permite a un atacante con pocos privilegios extraer credenciales de administrador y, posteriormente, escalar los privilegios. Una vez elevados, el atacante puede explotar una falla de carga de archivos sin restricciones para ejecutar c\u00f3digo remoto, lo que compromete por completo la aplicaci\u00f3n y su sistema host."}], "lastModified": "2025-11-26T14:10:49.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B0DB671-C115-4606-A8B5-683CDE0CFBB7", "versionEndIncluding": "4.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}