CVE-2017-5569
N/A
N/A
Summary
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/95741
- https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc
References
- http://www.securityfocus.com/bid/95741
- https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.