Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by Bahmni

    CVE-2026-15477 (GCVE-0-2026-15477)

    Vulnerability from nvd – Published: 2026-07-12 03:45 – Updated: 2026-07-13 19:11
    VLAI
    Title
    Bahmni bahmnicore Search Endpoint sql additionalParams sql injection
    Summary
    A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bahmni bahmnicore Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12
    Affected: 0.13
    Affected: 0.14
    Affected: 0.15
    Affected: 0.16
    Affected: 0.17
    Affected: 0.18
    Affected: 0.19
    Affected: 0.20
    Affected: 0.21
    Affected: 0.22
    Affected: 0.23
    Affected: 0.24
    Affected: 0.25
    Affected: 0.26
    Affected: 0.27
    Affected: 0.28
    Affected: 0.29
    Affected: 0.30
    Affected: 0.31
    Affected: 0.32
    Affected: 0.33
    Affected: 0.34
    Affected: 0.35
    Affected: 0.36
    Affected: 0.37
    Affected: 0.38
    Affected: 0.39
    Affected: 0.40
    Affected: 0.41
    Affected: 0.42
    Affected: 0.43
    Affected: 0.44
    Affected: 0.45
    Affected: 0.46
    Affected: 0.47
    Affected: 0.48
    Affected: 0.49
    Affected: 0.50
    Affected: 0.51
    Affected: 0.52
    Affected: 0.53
    Affected: 0.54
    Affected: 0.55
    Affected: 0.56
    Affected: 0.57
    Affected: 0.58
    Affected: 0.59
    Affected: 0.60
    Affected: 0.61
    Affected: 0.62
    Affected: 0.63
    Affected: 0.64
    Affected: 0.65
    Affected: 0.66
    Affected: 0.67
    Affected: 0.68
    Affected: 0.69
    Affected: 0.70
    Affected: 0.71
    Affected: 0.72
    Affected: 0.73
    Affected: 0.74
    Affected: 0.75
    Affected: 0.76
    Affected: 0.77
    Affected: 0.78
    Affected: 0.79
    Affected: 0.80
    Affected: 0.81
    Affected: 0.82
    Affected: 0.83
    Affected: 0.84
    Affected: 0.85
    Affected: 0.86
    Affected: 0.87
    Affected: 0.88
    Affected: 0.89
    Affected: 0.90
    Affected: 0.91
    Affected: 0.92
    Affected: 0.93
    Unaffected: 0.93.1
    Unaffected: 1.0.1
    Unaffected: 1.1.1
    Unaffected: 1.2.1
    Unaffected: 1.3.1
    Unaffected: 2.0.1
        cpe:2.3:a:bahmni:bahmnicore:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    geochen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15477",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T19:11:16.738269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T19:11:58.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/836079"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:bahmni:bahmnicore:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Search Endpoint"
              ],
              "product": "bahmnicore",
              "vendor": "Bahmni",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12"
                },
                {
                  "status": "affected",
                  "version": "0.13"
                },
                {
                  "status": "affected",
                  "version": "0.14"
                },
                {
                  "status": "affected",
                  "version": "0.15"
                },
                {
                  "status": "affected",
                  "version": "0.16"
                },
                {
                  "status": "affected",
                  "version": "0.17"
                },
                {
                  "status": "affected",
                  "version": "0.18"
                },
                {
                  "status": "affected",
                  "version": "0.19"
                },
                {
                  "status": "affected",
                  "version": "0.20"
                },
                {
                  "status": "affected",
                  "version": "0.21"
                },
                {
                  "status": "affected",
                  "version": "0.22"
                },
                {
                  "status": "affected",
                  "version": "0.23"
                },
                {
                  "status": "affected",
                  "version": "0.24"
                },
                {
                  "status": "affected",
                  "version": "0.25"
                },
                {
                  "status": "affected",
                  "version": "0.26"
                },
                {
                  "status": "affected",
                  "version": "0.27"
                },
                {
                  "status": "affected",
                  "version": "0.28"
                },
                {
                  "status": "affected",
                  "version": "0.29"
                },
                {
                  "status": "affected",
                  "version": "0.30"
                },
                {
                  "status": "affected",
                  "version": "0.31"
                },
                {
                  "status": "affected",
                  "version": "0.32"
                },
                {
                  "status": "affected",
                  "version": "0.33"
                },
                {
                  "status": "affected",
                  "version": "0.34"
                },
                {
                  "status": "affected",
                  "version": "0.35"
                },
                {
                  "status": "affected",
                  "version": "0.36"
                },
                {
                  "status": "affected",
                  "version": "0.37"
                },
                {
                  "status": "affected",
                  "version": "0.38"
                },
                {
                  "status": "affected",
                  "version": "0.39"
                },
                {
                  "status": "affected",
                  "version": "0.40"
                },
                {
                  "status": "affected",
                  "version": "0.41"
                },
                {
                  "status": "affected",
                  "version": "0.42"
                },
                {
                  "status": "affected",
                  "version": "0.43"
                },
                {
                  "status": "affected",
                  "version": "0.44"
                },
                {
                  "status": "affected",
                  "version": "0.45"
                },
                {
                  "status": "affected",
                  "version": "0.46"
                },
                {
                  "status": "affected",
                  "version": "0.47"
                },
                {
                  "status": "affected",
                  "version": "0.48"
                },
                {
                  "status": "affected",
                  "version": "0.49"
                },
                {
                  "status": "affected",
                  "version": "0.50"
                },
                {
                  "status": "affected",
                  "version": "0.51"
                },
                {
                  "status": "affected",
                  "version": "0.52"
                },
                {
                  "status": "affected",
                  "version": "0.53"
                },
                {
                  "status": "affected",
                  "version": "0.54"
                },
                {
                  "status": "affected",
                  "version": "0.55"
                },
                {
                  "status": "affected",
                  "version": "0.56"
                },
                {
                  "status": "affected",
                  "version": "0.57"
                },
                {
                  "status": "affected",
                  "version": "0.58"
                },
                {
                  "status": "affected",
                  "version": "0.59"
                },
                {
                  "status": "affected",
                  "version": "0.60"
                },
                {
                  "status": "affected",
                  "version": "0.61"
                },
                {
                  "status": "affected",
                  "version": "0.62"
                },
                {
                  "status": "affected",
                  "version": "0.63"
                },
                {
                  "status": "affected",
                  "version": "0.64"
                },
                {
                  "status": "affected",
                  "version": "0.65"
                },
                {
                  "status": "affected",
                  "version": "0.66"
                },
                {
                  "status": "affected",
                  "version": "0.67"
                },
                {
                  "status": "affected",
                  "version": "0.68"
                },
                {
                  "status": "affected",
                  "version": "0.69"
                },
                {
                  "status": "affected",
                  "version": "0.70"
                },
                {
                  "status": "affected",
                  "version": "0.71"
                },
                {
                  "status": "affected",
                  "version": "0.72"
                },
                {
                  "status": "affected",
                  "version": "0.73"
                },
                {
                  "status": "affected",
                  "version": "0.74"
                },
                {
                  "status": "affected",
                  "version": "0.75"
                },
                {
                  "status": "affected",
                  "version": "0.76"
                },
                {
                  "status": "affected",
                  "version": "0.77"
                },
                {
                  "status": "affected",
                  "version": "0.78"
                },
                {
                  "status": "affected",
                  "version": "0.79"
                },
                {
                  "status": "affected",
                  "version": "0.80"
                },
                {
                  "status": "affected",
                  "version": "0.81"
                },
                {
                  "status": "affected",
                  "version": "0.82"
                },
                {
                  "status": "affected",
                  "version": "0.83"
                },
                {
                  "status": "affected",
                  "version": "0.84"
                },
                {
                  "status": "affected",
                  "version": "0.85"
                },
                {
                  "status": "affected",
                  "version": "0.86"
                },
                {
                  "status": "affected",
                  "version": "0.87"
                },
                {
                  "status": "affected",
                  "version": "0.88"
                },
                {
                  "status": "affected",
                  "version": "0.89"
                },
                {
                  "status": "affected",
                  "version": "0.90"
                },
                {
                  "status": "affected",
                  "version": "0.91"
                },
                {
                  "status": "affected",
                  "version": "0.92"
                },
                {
                  "status": "affected",
                  "version": "0.93"
                },
                {
                  "status": "unaffected",
                  "version": "0.93.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.0.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.1.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.2.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.3.1"
                },
                {
                  "status": "unaffected",
                  "version": "2.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "geochen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-12T03:45:09.037Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377782 | Bahmni bahmnicore Search Endpoint sql additionalParams sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377782"
            },
            {
              "name": "VDB-377782 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377782/cti"
            },
            {
              "name": "CVE-2026-15477 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15477"
            },
            {
              "name": "Submit #836079 | Bahmni bahmni-core 1.3.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/836079"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Bahmni/bahmni-core/security/advisories/GHSA-cg9w-r5g6-cxq5"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://bahmni.atlassian.net/wiki/spaces/BAH/pages/5519474693/Bahmni+Security+Patch+July+02+2026+Release+Notes"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-11T11:54:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Bahmni bahmnicore Search Endpoint sql additionalParams sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15477",
        "datePublished": "2026-07-12T03:45:09.037Z",
        "dateReserved": "2026-07-11T09:49:25.934Z",
        "dateUpdated": "2026-07-13T19:11:58.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15477 (GCVE-0-2026-15477)

    Vulnerability from cvelistv5 – Published: 2026-07-12 03:45 – Updated: 2026-07-13 19:11
    VLAI
    Title
    Bahmni bahmnicore Search Endpoint sql additionalParams sql injection
    Summary
    A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bahmni bahmnicore Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12
    Affected: 0.13
    Affected: 0.14
    Affected: 0.15
    Affected: 0.16
    Affected: 0.17
    Affected: 0.18
    Affected: 0.19
    Affected: 0.20
    Affected: 0.21
    Affected: 0.22
    Affected: 0.23
    Affected: 0.24
    Affected: 0.25
    Affected: 0.26
    Affected: 0.27
    Affected: 0.28
    Affected: 0.29
    Affected: 0.30
    Affected: 0.31
    Affected: 0.32
    Affected: 0.33
    Affected: 0.34
    Affected: 0.35
    Affected: 0.36
    Affected: 0.37
    Affected: 0.38
    Affected: 0.39
    Affected: 0.40
    Affected: 0.41
    Affected: 0.42
    Affected: 0.43
    Affected: 0.44
    Affected: 0.45
    Affected: 0.46
    Affected: 0.47
    Affected: 0.48
    Affected: 0.49
    Affected: 0.50
    Affected: 0.51
    Affected: 0.52
    Affected: 0.53
    Affected: 0.54
    Affected: 0.55
    Affected: 0.56
    Affected: 0.57
    Affected: 0.58
    Affected: 0.59
    Affected: 0.60
    Affected: 0.61
    Affected: 0.62
    Affected: 0.63
    Affected: 0.64
    Affected: 0.65
    Affected: 0.66
    Affected: 0.67
    Affected: 0.68
    Affected: 0.69
    Affected: 0.70
    Affected: 0.71
    Affected: 0.72
    Affected: 0.73
    Affected: 0.74
    Affected: 0.75
    Affected: 0.76
    Affected: 0.77
    Affected: 0.78
    Affected: 0.79
    Affected: 0.80
    Affected: 0.81
    Affected: 0.82
    Affected: 0.83
    Affected: 0.84
    Affected: 0.85
    Affected: 0.86
    Affected: 0.87
    Affected: 0.88
    Affected: 0.89
    Affected: 0.90
    Affected: 0.91
    Affected: 0.92
    Affected: 0.93
    Unaffected: 0.93.1
    Unaffected: 1.0.1
    Unaffected: 1.1.1
    Unaffected: 1.2.1
    Unaffected: 1.3.1
    Unaffected: 2.0.1
        cpe:2.3:a:bahmni:bahmnicore:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    geochen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15477",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T19:11:16.738269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T19:11:58.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/836079"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:bahmni:bahmnicore:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Search Endpoint"
              ],
              "product": "bahmnicore",
              "vendor": "Bahmni",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                },
                {
                  "status": "affected",
                  "version": "0.9"
                },
                {
                  "status": "affected",
                  "version": "0.10"
                },
                {
                  "status": "affected",
                  "version": "0.11"
                },
                {
                  "status": "affected",
                  "version": "0.12"
                },
                {
                  "status": "affected",
                  "version": "0.13"
                },
                {
                  "status": "affected",
                  "version": "0.14"
                },
                {
                  "status": "affected",
                  "version": "0.15"
                },
                {
                  "status": "affected",
                  "version": "0.16"
                },
                {
                  "status": "affected",
                  "version": "0.17"
                },
                {
                  "status": "affected",
                  "version": "0.18"
                },
                {
                  "status": "affected",
                  "version": "0.19"
                },
                {
                  "status": "affected",
                  "version": "0.20"
                },
                {
                  "status": "affected",
                  "version": "0.21"
                },
                {
                  "status": "affected",
                  "version": "0.22"
                },
                {
                  "status": "affected",
                  "version": "0.23"
                },
                {
                  "status": "affected",
                  "version": "0.24"
                },
                {
                  "status": "affected",
                  "version": "0.25"
                },
                {
                  "status": "affected",
                  "version": "0.26"
                },
                {
                  "status": "affected",
                  "version": "0.27"
                },
                {
                  "status": "affected",
                  "version": "0.28"
                },
                {
                  "status": "affected",
                  "version": "0.29"
                },
                {
                  "status": "affected",
                  "version": "0.30"
                },
                {
                  "status": "affected",
                  "version": "0.31"
                },
                {
                  "status": "affected",
                  "version": "0.32"
                },
                {
                  "status": "affected",
                  "version": "0.33"
                },
                {
                  "status": "affected",
                  "version": "0.34"
                },
                {
                  "status": "affected",
                  "version": "0.35"
                },
                {
                  "status": "affected",
                  "version": "0.36"
                },
                {
                  "status": "affected",
                  "version": "0.37"
                },
                {
                  "status": "affected",
                  "version": "0.38"
                },
                {
                  "status": "affected",
                  "version": "0.39"
                },
                {
                  "status": "affected",
                  "version": "0.40"
                },
                {
                  "status": "affected",
                  "version": "0.41"
                },
                {
                  "status": "affected",
                  "version": "0.42"
                },
                {
                  "status": "affected",
                  "version": "0.43"
                },
                {
                  "status": "affected",
                  "version": "0.44"
                },
                {
                  "status": "affected",
                  "version": "0.45"
                },
                {
                  "status": "affected",
                  "version": "0.46"
                },
                {
                  "status": "affected",
                  "version": "0.47"
                },
                {
                  "status": "affected",
                  "version": "0.48"
                },
                {
                  "status": "affected",
                  "version": "0.49"
                },
                {
                  "status": "affected",
                  "version": "0.50"
                },
                {
                  "status": "affected",
                  "version": "0.51"
                },
                {
                  "status": "affected",
                  "version": "0.52"
                },
                {
                  "status": "affected",
                  "version": "0.53"
                },
                {
                  "status": "affected",
                  "version": "0.54"
                },
                {
                  "status": "affected",
                  "version": "0.55"
                },
                {
                  "status": "affected",
                  "version": "0.56"
                },
                {
                  "status": "affected",
                  "version": "0.57"
                },
                {
                  "status": "affected",
                  "version": "0.58"
                },
                {
                  "status": "affected",
                  "version": "0.59"
                },
                {
                  "status": "affected",
                  "version": "0.60"
                },
                {
                  "status": "affected",
                  "version": "0.61"
                },
                {
                  "status": "affected",
                  "version": "0.62"
                },
                {
                  "status": "affected",
                  "version": "0.63"
                },
                {
                  "status": "affected",
                  "version": "0.64"
                },
                {
                  "status": "affected",
                  "version": "0.65"
                },
                {
                  "status": "affected",
                  "version": "0.66"
                },
                {
                  "status": "affected",
                  "version": "0.67"
                },
                {
                  "status": "affected",
                  "version": "0.68"
                },
                {
                  "status": "affected",
                  "version": "0.69"
                },
                {
                  "status": "affected",
                  "version": "0.70"
                },
                {
                  "status": "affected",
                  "version": "0.71"
                },
                {
                  "status": "affected",
                  "version": "0.72"
                },
                {
                  "status": "affected",
                  "version": "0.73"
                },
                {
                  "status": "affected",
                  "version": "0.74"
                },
                {
                  "status": "affected",
                  "version": "0.75"
                },
                {
                  "status": "affected",
                  "version": "0.76"
                },
                {
                  "status": "affected",
                  "version": "0.77"
                },
                {
                  "status": "affected",
                  "version": "0.78"
                },
                {
                  "status": "affected",
                  "version": "0.79"
                },
                {
                  "status": "affected",
                  "version": "0.80"
                },
                {
                  "status": "affected",
                  "version": "0.81"
                },
                {
                  "status": "affected",
                  "version": "0.82"
                },
                {
                  "status": "affected",
                  "version": "0.83"
                },
                {
                  "status": "affected",
                  "version": "0.84"
                },
                {
                  "status": "affected",
                  "version": "0.85"
                },
                {
                  "status": "affected",
                  "version": "0.86"
                },
                {
                  "status": "affected",
                  "version": "0.87"
                },
                {
                  "status": "affected",
                  "version": "0.88"
                },
                {
                  "status": "affected",
                  "version": "0.89"
                },
                {
                  "status": "affected",
                  "version": "0.90"
                },
                {
                  "status": "affected",
                  "version": "0.91"
                },
                {
                  "status": "affected",
                  "version": "0.92"
                },
                {
                  "status": "affected",
                  "version": "0.93"
                },
                {
                  "status": "unaffected",
                  "version": "0.93.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.0.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.1.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.2.1"
                },
                {
                  "status": "unaffected",
                  "version": "1.3.1"
                },
                {
                  "status": "unaffected",
                  "version": "2.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "geochen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-12T03:45:09.037Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377782 | Bahmni bahmnicore Search Endpoint sql additionalParams sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377782"
            },
            {
              "name": "VDB-377782 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377782/cti"
            },
            {
              "name": "CVE-2026-15477 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15477"
            },
            {
              "name": "Submit #836079 | Bahmni bahmni-core 1.3.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/836079"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Bahmni/bahmni-core/security/advisories/GHSA-cg9w-r5g6-cxq5"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://bahmni.atlassian.net/wiki/spaces/BAH/pages/5519474693/Bahmni+Security+Patch+July+02+2026+Release+Notes"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-11T11:54:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Bahmni bahmnicore Search Endpoint sql additionalParams sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15477",
        "datePublished": "2026-07-12T03:45:09.037Z",
        "dateReserved": "2026-07-11T09:49:25.934Z",
        "dateUpdated": "2026-07-13T19:11:58.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }