Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2019-25728— Care2x 2.7 Hospital Information System SQL Injection via ck_config

CVSS 8.2 · High EPSS 0.26% · P18

Affected Version Matrix 1

VendorProductVersion RangeStatus
care2xCare2x2.7affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-25728

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Care2x 2.7 Hospital Information System SQL Injection via ck_config
Source: NVD (National Vulnerability Database)
Vulnerability Description
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.php, indexframe.php, and various module files to extract sensitive database information without authentication.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Care2x SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Care2x是Care2x公司的一个医院信息管理系统。 Care2x 2.7版本存在SQL注入漏洞,该漏洞源于对ck_config cookie参数操作不当,可能导致未经身份验证的攻击者在多个端点执行任意SQL命令,提取敏感数据库信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
care2xCare2x 2.7 -

II. Public POCs for CVE-2019-25728

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-25728

登录查看更多情报信息。

Vendor Advisories for CVE-2019-25728 (1)

Exploits & Public PoCs for CVE-2019-25728 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2019-25728

No comments yet


Leave a comment