VYPR

Mobile Care

by Cerner

CVEs (1)

  • CVE-2021-36385CriAug 24, 2021
    risk 0.64cvss 9.8epss 0.03

    A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.