27 Jan 2017
CVE-2017-5598 - CVE Vulnerability
An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. (CVSS:5.0) (Last Update:2017-01-27)
Publish Date: 2017-01-27
Last Update Date: 2017-01-27
- CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-5598
- Number Of Affected Versions By Product
- References For CVE-2017-5598
- Metasploit Modules Related To CVE-2017-5598: There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)