Severity: Critical
CVE ID: CVE-2026-23627
Affected Package: OpenEMR (PHP)
Affected Versions: <8.0.0
Patched Versions: 8.0.0

Description

Summary
Vulnerability: SQL Injection
Location: ImmunizationController class in the Immunization module
Impact: Database compromise, PHI exfiltration, credential theft, potential remote code execution

Details
Vulnerable Code: Direct concatenation of user-supplied values into SQL WHERE clauses without parameterization or escaping.
Files: interface/modules/zend_modules/module/Immunization/src/Immunization/Controller/ImmunizationController.php
Lines: 64-85 (indexAction) and 205-225 (reportAction)

PoC
Prerequisites: Authenticated OpenEMR session, access to the Immunization module
Steps:
1. Basic SQL Injection Test: POST request to immunization controller with malicious parameter
2. Data Exfiltration: Extract usernames and password hashes
3. Database Schema Discovery: Enumerate database tables
4. Complete Database Dump: Extract all patient PHI
5. Time-Based Blind SQL Injection Verification: Confirm SQL injection with timing attack
6. Potential Remote Code Execution: If the database user has FILE privileges

Impact
Who is Impacted: All authenticated users, all patients, healthcare organization
Affected Versions: All versions containing vulnerable code in specified lines
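The defect class named under Details (a caller-controlled value concatenated into a WHERE clause) and its fix (binding the value as a query parameter) are shown side by side below. This is an added illustrative example, not code from OpenEMR or from the advisory: the `immunizations` table, its columns, the sample rows and the two helper functions are all constructed for the demonstration and do not reflect OpenEMR's schema or the ImmunizationController. It runs against an in-memory SQLite database through PDO, so it needs no server.

```php
<?php
// Added example (not OpenEMR code): string concatenation into a WHERE clause
// versus a parameterized query, run against a constructed in-memory table.

declare(strict_types=1);

// Build a throwaway database with constructed sample data.
function buildDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE immunizations (id INTEGER PRIMARY KEY, patient_name TEXT, vaccine TEXT)');
    // Constructed rows; the second name deliberately contains an apostrophe.
    $pdo->exec("INSERT INTO immunizations (patient_name, vaccine) VALUES ('Ann Lee', 'MMR'), ('Pat O''Brien', 'Tdap')");
    return $pdo;
}

// Unsafe pattern: the request value becomes part of the SQL text itself.
// Even an ordinary name with an apostrophe breaks the statement, which is the
// same property that lets hostile input change the query's meaning.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT vaccine FROM immunizations WHERE patient_name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed pattern: the value is bound as a parameter and is never parsed as SQL,
// so quotes or keywords inside it are just data.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT vaccine FROM immunizations WHERE patient_name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = buildDb();

print_r(findSafe($pdo, "Pat O'Brien"));   // Array ( [0] => Tdap )

try {
    findUnsafe($pdo, "Pat O'Brien");       // the apostrophe terminates the literal early
} catch (PDOException $e) {
    echo 'unsafe query failed: ' . $e->getMessage() . PHP_EOL;
}
```

The parameterized version is the fix to apply wherever a request value reaches a WHERE clause; escaping the value by hand is weaker because it must be repeated correctly at every call site. Parameters only cover values: a table or column name coming from the request (for example a sort column) cannot be bound and has to be checked against a fixed allowlist instead.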