CVE-2015-4592

Опубликовано: 10 янв. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.

Ссылки

http://packetstormsecurity.com/files/135533/eClinicalWorks-Population-Health-CCMR-SQL-Injection-CSRF-XSS.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/537420/100/0/threaded
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39402/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/135533/eClinicalWorks-Population-Health-CCMR-SQL-Injection-CSRF-XSS.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/537420/100/0/threaded
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39402/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclinicalworks:population_health:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00577

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-p7jm-8wv3-w2jw