CVE-2015-4593

HIGH

eClinicalWorks Population Health - Cross-Site Request Forgery in portalUserService.jsp

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4593. PoCs published by Jerold Hoong.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in eClinicalWorks Population Health (CCMR) Client Portal Software, including XSS, SQL injection, CSRF, and session fixation. It provides detailed payloads and proof-of-concept code for each vulnerability.

Description

eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.

Exploits (1)

exploitdb WORKING POC
by Jerold Hoong · text · webapps · jsp
https://www.exploit-db.com/exploits/39402

Classification: Working PoC 100%
Attack Type: XSS | SQLi | CSRF | Other
Complexity: Trivial
Reliability: Reliable
Target: eClinicalWorks Population Health (CCMR) Client Portal Software
Auth required
Prerequisites: Authenticated user access · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39402/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537420/100/0/threaded

Scores

CVSS v3 8.8
EPSS 0.0336
EPSS Percentile 87.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
eclinicalworks/population_health
Published Jan 10, 2017
Tracked Since Feb 18, 2026