CVE-2021-43094
- Source
- https://cve.org/CVERecord?id=CVE-2021-43094
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43094.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-43094
- Published
- 2022-05-10T12:15:08.523Z
- Modified
- 2026-03-13T05:15:37.642028Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.
- References
Affected packages
Git / github.com/openmrs/openmrs-core
Affected ranges
Affected versions
1.*
1.0
1.0.1
1.1.0
1.10.0-alpha
1.2.0
1.2.01
1.2.01-RC1
1.3.0-RC1
1.3.0-RC2
1.3.0-RC3
1.3.0-RC4
1.9.0-RC
1.9.0-RC2
1.9.0-RC3
1.9.0-RC4
1.9.0-alpha
1.9.0-beta
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
2.*
2.2.0-20181112.082045-243
2.4.0
2.4.0-alpha.2
2.4.0-alpha.3
2.4.0-beta
2.5
Other
mirebalais_deploy_version
referenceapplication-2.*
referenceapplication-2.1
referenceapplication-2.1.1
referenceapplication-2.10.0
referenceapplication-2.10.0-alpha
referenceapplication-2.11.0
referenceapplication-2.2
referenceapplication-2.3
referenceapplication-2.4
referenceapplication-2.6.0
referenceapplication-2.7.0
referenceapplication-2.8.0
referenceapplication-2.9.0
referenceapplication-2.9.1