Vulnerabilities

CVE-2017-5569

by Fred · 23/01/2017

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().

Date published : 2017-01-23

http://www.securityfocus.com/bid/95741

https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc

Similar

Tags: Cybersecurity Alert