Critical severity9.8NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026

CVE-2017-5569

Description

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().

Affected products

Eclinicalworks/Patient Portal
cpe:2.3:a:eclinicalworks:patient_portal:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/95741nvdThird Party AdvisoryVDB Entry
gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dcnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000