yehster wrote on Friday, November 22, 2013:
https://sourceforge.net/p/openemr/bugs/374/
There is a potentially serious SQL injection issue that might be exploitable “pre-authorization” (e.g. without first needing valid login credentials).
Details are in the bug report. Thanks to Patrick Smith for reporting.
I’m recommending that people download this new version of library/translation.inc.php and overwrite the existing version.
This file should work for 4.1.3, 4.1.2, 4.1.1 and 4.1.0. I have to admit I’ve only tested with 4.1.3 and 4.1.2 though.
I’m not going to be available for the rest of the day to field questions, but I’ll follow up as needed in the future.