Lucene search
K

51 matches found

OSV
OSV
added 2017/01/23 5:59 p.m.6 views

CVE-2017-5570

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...

8.8CVSS5.8AI score0.01223EPSS
Exploits0References2
NVD
NVD
added 2017/01/23 5:59 p.m.17 views

CVE-2017-5570

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...

8.8CVSS8.9AI score0.01223EPSS
Exploits0References2
Prion
Prion
added 2017/01/23 5:59 p.m.22 views

Sql injection

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...

6.5CVSS8.8AI score0.01223EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/01/23 5:59 p.m.10 views

Sql injection

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...

7.5CVSS9.8AI score0.02002EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/01/23 5:59 p.m.5 views

CVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2017/01/23 5:59 p.m.14 views

CVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...

9.8CVSS9.9AI score0.02002EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/01/23 5:0 p.m.20 views

CVE-2017-5570

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...

8.9AI score0.01223EPSS
Exploits0References2
CVE
CVE
added 2017/01/23 5:0 p.m.49 views

CVE-2017-5570

CVE-2017-5570 affects eClinicalWorks Patient Portal 7.0 build 13, with a blind SQL injection in messageJson.jsp. The vulnerability can be exploited by authenticated users via an HTTP POST request to dump database data to a malicious server, potentially using out-of-band techniques such as SELECT_...

8.8CVSS8.8AI score0.01223EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/01/23 5:0 p.m.45 views

CVE-2017-5569

CVE-2017-5569 affects eClinicalWorks Patient Portal 7.0 build 13, with a blind SQL injection in template.jsp. The vulnerability can be exploited without authentication via an HTTP POST request to dump database data to a malicious server using out-of-band techniques (e.g., select_loadfile()). No r...

9.8CVSS9.8AI score0.02002EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/01/23 5:0 p.m.18 views

CVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...

9.9AI score0.02002EPSS
Exploits0References2
Prion
Prion
added 2017/01/10 3:59 p.m.16 views

Sql injection

eClinicalWorks Population Health CCMR suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input...

6.5CVSS8AI score0.03346EPSS
Exploits5References3
NVD
NVD
added 2017/01/10 3:59 p.m.15 views

CVE-2015-4592

eClinicalWorks Population Health CCMR suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input...

8.8CVSS8.7AI score0.03346EPSS
Exploits5References3
NVD
NVD
added 2017/01/10 3:59 p.m.17 views

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

6.1CVSS6.1AI score0.05132EPSS
Exploits5References3
Prion
Prion
added 2017/01/10 3:59 p.m.13 views

Session fixation

eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...

7.5CVSS7AI score0.06238EPSS
Exploits5References3
NVD
NVD
added 2017/01/10 3:59 p.m.22 views

CVE-2015-4593

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

8.8CVSS8.8AI score0.03355EPSS
Exploits5References3
NVD
NVD
added 2017/01/10 3:59 p.m.15 views

CVE-2015-4594

eClinicalWorks Population Health CCMR suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID...

9.8CVSS9.4AI score0.06238EPSS
Exploits5References3
Prion
Prion
added 2017/01/10 3:59 p.m.16 views

Cross site scripting

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

4.3CVSS6.5AI score0.05132EPSS
Exploits5References3
Prion
Prion
added 2017/01/10 3:59 p.m.18 views

Cross site request forgery (csrf)

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

6.8CVSS7.5AI score0.03355EPSS
Exploits5References3
CVE
CVE
added 2017/01/10 3:0 p.m.65 views

CVE-2015-4593

CVE-2015-4593 refers to a cross-site request forgery vulnerability in the EClinicalWorks Population Health (CCMR) Client Portal, specifically in portalUserService.jsp. The issue could allow remote attackers to hijack content administrator authentication and perform actions such as creating, modif...

8.8CVSS9.3AI score0.03355EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2017/01/10 3:0 p.m.25 views

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

6.4AI score0.05132EPSS
Exploits5References3
Rows per page
Query Builder