CVE-2021-3118

CRITICAL

EVOLUCARE ECSIMAGING < 6.21.5 - SQL Injection via Login and Password Reset Forms

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3118. PoCs published by shoxxdj.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in ECSIMAGING PACS 6.21.5 and below, specifically targeting the 'email' parameter in the 'req_password_user.php' endpoint. The payload examples show how to leak database information or perform union-based SQLi attacks.

Description

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Exploits (1)

exploitdb WORKING POC
by shoxxdj · textwebappsphp
https://www.exploit-db.com/exploits/49392

This exploit demonstrates a SQL injection vulnerability in ECSIMAGING PACS 6.21.5 and below, specifically targeting the 'email' parameter in the 'req_password_user.php' endpoint. The payload examples show how to leak database information or perform union-based SQLi attacks.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: ECSIMAGING PACS 6.21.5 and below
No auth needed
Prerequisites: Access to the target application's 'req_password_user.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49392

Scores

CVSS v3 9.8
EPSS 0.0183
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
medicalexpo/ecs_imaging < 6.21.5
Published Jan 11, 2021
Tracked Since Feb 18, 2026