VYPR

healow@work

by Eclinicalworks

CVEs (1)

  • CVE-2017-5598HigJan 27, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server,…