A vulnerability was found in Bahmni bahmnicore up to 0.93. It has been classified as critical. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection.

This vulnerability is identified as CVE-2026-15477. The attack can be initiated remotely. Additionally, an exploit exists.

Upgrading the affected component is recommended.