CVE-2017-5598
This CVE refers to eClinicalWorks healow@work 8.0 build 8, where a blind SQL injection exists in the EmployeePortalServlet. The vulnerability is exploitable by unauthenticated attackers via an HTTP POST to the EmployeePortalServlet page, affecting the employer parameter, and can be used to exfilt...