{"vulnerability": "CVE-2021-41843", "sightings": [{"uuid": "9c0084e1-c8c1-47c4-a6cc-c75f86e35aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41843", "type": "seen", "source": "https://t.me/cibsecurity/34176", "content": "\u203c CVE-2021-41843 \u203c\n\nAn authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-17T07:47:42.000000Z"}]}