Cyber Resilience

CVE-2013-10044

High · Public PoC

Published: 01 August 2025
Modified: 26 November 2025
KEV Added
Patch
CVSS Score v4: 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.1237 (94.0th percentile)
Risk Priority: 25 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-10044 is a high-severity SQL injection (CWE-89) vulnerability in OpenEMR. Its CVSS v4 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 6.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2013-10044 is an authenticated SQL injection vulnerability (CWE-89) in OpenEMR versions up to and including 4.1.1 Patch 14. This flaw enables a low-privileged attacker to extract administrator credentials, facilitating privilege escalation. Chained with an unrestricted file upload vulnerability (CWE-434), it allows attackers to achieve remote code execution, leading to complete compromise of the application and underlying host system. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A low-privileged authenticated user can exploit the SQL injection remotely over the network with low complexity and no user interaction required. By extracting administrator credentials, the attacker escalates privileges and then leverages the file upload flaw to execute arbitrary code, resulting in full control over the OpenEMR instance and host system.

References point to the official OpenEMR GitHub repository and website for potential patches or upgrades beyond 4.1.1 Patch 14, as the vulnerability affects versions up to and including that release. Mitigation involves updating to a supported version of OpenEMR that addresses these issues.

Public exploit modules exist, including a Metasploit framework module for the SQL injection privilege escalation and file upload chain, as well as Exploit-DB entries (28329 and 28408), indicating real-world exploitation potential despite the CVE's recent publication in 2025.

EU & UK References

Vulnerability details

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552 · Unsecured Credentials · Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

T1505.003 · Web Shell · Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1059 · Command and Scripting Interpreter · Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

The authenticated SQL injection in a web application maps directly to T1190 for initial exploitation and to T1552 for credential extraction; the chained unrestricted file upload enables web shell deployment (T1505.003) and arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33914 · Same product: Open-Emr Openemr
CVE-2026-33910 · Same product: Open-Emr Openemr
CVE-2026-23627 · Same product: Open-Emr Openemr
CVE-2026-32127 · Same product: Open-Emr Openemr
CVE-2026-24908 · Same product: Open-Emr Openemr
CVE-2026-25746 · Same product: Open-Emr Openemr
CVE-2026-33917 · Same product: Open-Emr Openemr
CVE-2026-24848 · Same product: Open-Emr Openemr
CVE-2026-25146 · Same product: Open-Emr Openemr
CVE-2026-29187 · Same product: Open-Emr Openemr

Affected Assets

open-emr · openemr · ≤ 4.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent · Directly prevents the SQL injection and unrestricted file upload by enforcing input validation at application entry points, addressing both CWE-89 and CWE-434 flaws in OpenEMR.

prevent · Requires timely remediation of known flaws like CVE-2013-10044 through patching or upgrading OpenEMR beyond version 4.1.1 Patch 14.

prevent · Implements boundary protections such as web application firewalls to block remote SQL injection attempts and malicious file uploads over the network.

References