The purpose of this research is to explore and identify the vulnerabilities in OpenEMR 5.0.0, which is a free and open source medical practice management application. We are to provide recommendations/suggestions to OpenEMR developers on identifying the vulnerabilities. We chose to use vulnerabilities scanning tools to manually explore the demo site of OpenEMR 5.0.0. The targeted vulnerabilities belong to the following three types, namely, SQL Injection, Cross-Site Scripting (XSS) including persistent XSS and reflected XSS and Arbitrary File Upload. We have inducted a qualitative based risk assessment to determine the risk levels for the vulnerabilities identified. The results of risk assessment include two kinds of risk levels, which are high risk and medium risk, and two kinds of priorities, which are priority 1 (high) and priority 2 (medium). In addition, we provided recommendations and best practices about how to prevent the identified vulnerabilities. Furthermore, the research also presents an exploit automation program written in Python to test and exploit the vulnerabilities including SQL Injection and reflected XSS on the demo server of OpenEMR.