CVE-2012-4260

myCare2x - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4260. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The document provides a detailed technical analysis of multiple vulnerabilities in myCare2x CMS, including SQL injection, persistent XSS, and non-persistent XSS. It includes vulnerable parameters, proof-of-concept URLs, and exploitation techniques.

Description

Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/18844

View Code ZIP pw:eip

The document provides a detailed technical analysis of multiple vulnerabilities in myCare2x CMS, including SQL injection, persistent XSS, and non-persistent XSS. It includes vulnerable parameters, proof-of-concept URLs, and exploitation techniques.

Classification

Writeup 95%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: myCare2x CMS

No auth needed

Prerequisites: Access to vulnerable myCare2x CMS instance

MITRE ATT&CK