Code review for CWE-89: SQL Injection Pre-authentication CAMOS

robertovasquez wrote on Saturday, June 27, 2015:

Changes have been made to: interface/forms/CAMOS/new.php
Line 108: hidden_category POST parameter is passed to a query unescaped when hidden_mode and
hidden_selection equal delete and change_category, respectively.
Line 120: hidden_subcategory POST parameter is passed to a query unescaped when hidden_mode
and hidden_selection equal delete and change_subcategory, respectively.
Lines 110*, 113, 115, 122, 129, 134, 164, 168, 172, 199, 534*, 538*, and 564 all also feature queries
that appear to contain unescaped user-provided data and are likely vulnerable, but have not been
specifically tested (*second-order).

You will find the code at:

To test the code you can:

  1. Copy this interface/forms/CAMOS/new.php and replace it on your OpenEMR testing box (back up the original file first).

  2. Select an encounter and run visit forms -> CAMOS

  3. Add, alter, delete Category, Subcategory, items and do search.
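The defect class described in the post (a POST value interpolated straight into SQL text) next to the bound-parameter form that fixes it, as an added example that is not code from OpenEMR or from the thread. It uses an in-memory SQLite database through PDO so it runs stand-alone; the table `camos_demo`, its columns, the function names, and the sample input are constructed for illustration, and the `hidden_mode`/`hidden_selection` dispatch is reconstructed from the post's description rather than copied from new.php.

```php
<?php
// Added example, not OpenEMR code. Demonstrates the vulnerable pattern and its fix
// using an in-memory SQLite database via PDO. Table and column names are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE camos_demo (id INTEGER PRIMARY KEY, category TEXT, subcategory TEXT)');
$db->exec("INSERT INTO camos_demo (category, subcategory)
           VALUES ('Cardiology', 'ECG'), ('Dermatology', 'Biopsy')");

// Vulnerable pattern: the request value becomes part of the SQL text, so any quote
// character in it ends the string literal and the remainder is parsed as SQL.
function deleteCategoryUnsafe(PDO $db, string $category): int {
    $sql = "DELETE FROM camos_demo WHERE category = '" . $category . "'";
    return $db->exec($sql);
}

// Hardened pattern: the value is sent as a bound parameter and is only ever data.
function deleteCategorySafe(PDO $db, string $category): int {
    $stmt = $db->prepare('DELETE FROM camos_demo WHERE category = ?');
    $stmt->execute([$category]);
    return $stmt->rowCount();
}

function deleteSubcategorySafe(PDO $db, string $subcategory): int {
    $stmt = $db->prepare('DELETE FROM camos_demo WHERE subcategory = ?');
    $stmt->execute([$subcategory]);
    return $stmt->rowCount();
}

// Dispatch reconstructed from the post: mode "delete" with selection
// "change_category" / "change_subcategory" acts on the matching POST field.
function handleRequest(PDO $db, array $post): int {
    if (($post['hidden_mode'] ?? '') !== 'delete') {
        return 0;
    }
    switch ($post['hidden_selection'] ?? '') {
        case 'change_category':
            return deleteCategorySafe($db, (string) ($post['hidden_category'] ?? ''));
        case 'change_subcategory':
            return deleteSubcategorySafe($db, (string) ($post['hidden_subcategory'] ?? ''));
        default:
            return 0;
    }
}

// Constructed input standing in for $_POST['hidden_category']; the embedded quote
// is enough to show the difference between the two patterns.
$input = "Cardio'logy";

try {
    deleteCategoryUnsafe($db, $input);
} catch (PDOException $e) {
    echo "unsafe: query failed, input was parsed as SQL: " . $e->getMessage() . "\n";
}

// The bound version treats the quote as data: no category matches, nothing is deleted.
echo "safe: " . deleteCategorySafe($db, $input) . " row(s) deleted\n";

// A legitimate request through the dispatcher deletes exactly the intended row.
$post = ['hidden_mode' => 'delete', 'hidden_selection' => 'change_category',
         'hidden_category' => 'Cardiology'];
echo "dispatch: " . handleRequest($db, $post) . " row(s) deleted\n";
```

Binding has to be applied at every query that touches request-derived data, not only the ones that read `$_POST` directly: the lines the post marks as second-order reuse values that were stored by an earlier request, and those values are just as untrusted when they come back out of the database.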

bradymiller wrote on Sunday, June 28, 2015:

Hi Roberto,
Placed review on github.
-brady
OpenEMR

robertovasquez wrote on Thursday, July 02, 2015:

new.php file modified according to review

robertovasquez wrote on Friday, July 03, 2015:

Modified, committed and rebased according to review.