23 Jan 2017
CVE-2017-5570 - CVE Vulnerability
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). (CVSS:6.5) (Last Update:2017-01-23)
Vulnerability Details : An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile(). Publish Date : 2017-01-23 Last Update Date : 2017-01-23 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-5570
- Number Of Affected Versions By Product
- References For CVE-2017-5570
| |||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-5570There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |