CVE-2015-4592

HIGH

eClinicalWorks Population Health - Authenticated SQL Injection via portalUserService.jsp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4592. PoCs published by Jerold Hoong.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in eClinicalWorks Population Health (CCMR) Client Portal Software, including XSS, SQL injection, CSRF, and session fixation. It provides detailed payloads and proof-of-concept code for each vulnerability.

Description

eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.

Exploits (1)

exploitdb WORKING POC
by Jerold Hoong · textwebappsjsp
https://www.exploit-db.com/exploits/39402

The exploit demonstrates multiple vulnerabilities in eClinicalWorks Population Health (CCMR) Client Portal Software, including XSS, SQL injection, CSRF, and session fixation. It provides detailed payloads and proof-of-concept code for each vulnerability.

Classification
Working Poc 100%
Attack Type
Xss | Sqli | Csrf | Other
Complexity
Trivial
Reliability
Reliable
Target: eClinicalWorks Population Health (CCMR) Client Portal Software
Auth required
Prerequisites: Authenticated user access · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39402/
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537420/100/0/threaded

Scores

CVSS v3 8.8
EPSS 0.0335
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
eclinicalworks/population_health
Published Jan 10, 2017
Tracked Since Feb 18, 2026