CVE-2015-4592

HIGH

Eclinicalworks Population Health - SQL Injection

Title source: rule

Description

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.

Exploits (1)

exploitdb WORKING POC

by Jerold Hoong · textwebappsjsp

https://www.exploit-db.com/exploits/39402

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39402/

Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/537420/100/0/threaded

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135533/eClinicalWorks-Population-Health-CCMR-SQL-Injection-CSRF-XSS.html

Scores

CVSS v3 8.8

EPSS 0.0058

EPSS Percentile 68.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

eclinicalworks/population_health

Published Jan 10, 2017

Tracked Since Feb 18, 2026