CVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:eclinicalworks:patient_portal:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-23 17:59

Updated : 2024-02-28 15:44


NVD link : CVE-2017-5569

Mitre link : CVE-2017-5569

CVE.ORG link : CVE-2017-5569


JSON object : View

Products Affected

eclinicalworks

  • patient_portal
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')