An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the maketask function in /interface/forms/eyemag/php/taskmanfunctions.php via /interface/forms/eyemag/taskman.php.