Critical severity9.8NVD Advisory· Published Aug 24, 2021· Updated Jun 17, 2026
CVE-2021-36385
CVE-2021-36385
Description
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Cerner/Mobile Caredescription
- Range: =5.0.0
Patches
Vulnerability mechanics
References
3- www.blacklanternsecurity.com/2021-08-13-Cerner-MobileCare-CVE/nvdThird Party Advisory
- www.blacklanternsecurity.com/blog/nvdThird Party Advisory
- www.cerner.com/solutions/mobilitynvdProductVendor Advisory
News mentions
0No linked articles in our index yet.