CVE-2017-5569

Name of the Vulnerable Software and Affected Versions eClinicalWorks Patient Portal version 7.0 build 13

Description An issue was discovered that allows for blind SQL injection within the template.jsp file. This can be exploited without authentication via an HTTP POST request. The issue can be used to dump database data to a malicious server using out-of-band techniques such as select loadfile().

Recommendations For eClinicalWorks Patient Portal version 7.0 build 13, consider restricting access to the template.jsp file until a patch is available. As a temporary workaround, avoid using the vulnerable template.jsp file to minimize the risk of exploitation.