CVE-2012-4261

myCare2x - SQL Injection via lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4261.

AI-analyzed exploit summary The document provides a detailed technical analysis of multiple vulnerabilities in myCare2x CMS, including SQL injection, persistent XSS, and non-persistent XSS. It includes vulnerable parameters, proof-of-concept URLs, and exploitation techniques, demonstrating a deep understanding of the vulnerabilities.

Description

SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/18844

View Code ZIP pw:eip

The document provides a detailed technical analysis of multiple vulnerabilities in myCare2x CMS, including SQL injection, persistent XSS, and non-persistent XSS. It includes vulnerable parameters, proof-of-concept URLs, and exploitation techniques, demonstrating a deep understanding of the vulnerabilities.

Classification

Writeup 95%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: myCare2x CMS

No auth needed

Prerequisites: Access to vulnerable myCare2x CMS instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49029

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/75390

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/81684

Scores

EPSS 0.0109

EPSS Percentile 61.2%

Details

CWE

CWE-89

Status published

Products (1)

hccgmbh/mycare2x

Published Aug 13, 2012

Tracked Since Feb 18, 2026