VYPR
Vendor: Care2x

Products: 3
CVEs: 6
Across products: 7
Status: Private

Recent CVEs (6)

  • CVE-2021-36351 | Critical | Aug 6, 2021
    risk 0.64 | cvss 9.8 | epss 0.02

    SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.

  • CVE-2019-25728 | High | Jun 4, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including…

  • CVE-2021-36352 | Medium | Aug 26, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability is found in POST requests to the /modules/registration_admission/patient_register.php page with the "name_middle", "addr_str", "station", "name_maiden", "name_2",…

  • CVE-2007-1458 | Mar 14, 2007
    risk 0.04 | cvss | epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5)…

  • CVE-2007-5418 | Oct 12, 2007
    risk 0.00 | cvss | epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5)…

  • CVE-2007-1574 | Mar 21, 2007
    risk 0.00 | cvss | epss 0.01

    CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.