CVE-2019-25728
Care2x 2.7 Hospital Information System is affected by SQL injection via the ck_config cookie parameter. The vulnerability allows unauthenticated attackers to inject arbitrary SQL through endpoints such as login.php, indexframe.php, and various module files, enabling extraction of sensitive databa...