Care2x
by Care2x
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36351 | Cri | 0.64 | 9.8 | 0.02 | Aug 6, 2021 | SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php. | ||
| CVE-2019-25728 | Hig | 0.53 | 8.2 | 0.00 | Jun 4, 2026 | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including… | ||
| CVE-2021-36352 | Med | 0.35 | 5.4 | 0.01 | Aug 26, 2021 | Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2",… | ||
| CVE-2007-1458 | 0.04 | — | 0.07 | Mar 14, 2007 | Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5)… | |||
| CVE-2007-5418 | 0.00 | — | 0.03 | Oct 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5)… | |||
| CVE-2007-1574 | 0.00 | — | 0.01 | Mar 21, 2007 | CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
- risk 0.64cvss 9.8epss 0.02
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
- risk 0.53cvss 8.2epss 0.00
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including…
- risk 0.35cvss 5.4epss 0.01
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2",…
- CVE-2007-1458Mar 14, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5)…
- CVE-2007-5418Oct 12, 2007risk 0.00cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5)…
- CVE-2007-1574Mar 21, 2007risk 0.00cvss —epss 0.01
CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.