CVE-2018-1000650

high

Description

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.

References

https://github.com/LibreHealthIO/lh-ehr/issues/1215

https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/

Details

Source: Mitre, NVD

Published: 2018-08-20

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00244