CVE-2015-4594
CRITICAL
eClinicalWorks Population Health - Session Fixation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-4594. PoCs published by Jerold Hoong.
AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in eClinicalWorks Population Health (CCMR) Client Portal Software, including XSS, SQL injection, CSRF, and session fixation. It provides detailed payloads and proof-of-concept code for each vulnerability.
Description
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existing session ID.
Exploits (1)
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H