Carlos Avila

**Name of the Vulnerable Software and Affected Versions** Care2x version 2.7 **Description** Multiple SQL injection flaws allow unauthenticated attackers to execute arbitrary SQL commands. This is achieved by manipulating the `ck config` cookie parameter across several endpoints, including 'login.php', 'indexframe.php', and various module files, enabling the extraction of sensitive database information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.

**Name of the Vulnerable Software and Affected Versions** LabCollector version 5.423 **Description** LabCollector version 5.423 has multiple SQL injection flaws. Unauthenticated attackers can execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the `login` parameter of the ''login.php'' endpoint or the `user name` parameter of the ''retrieve password.php'' endpoint to extract sensitive database information without authentication. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the ''login.php'' and ''retrieve password.php'' endpoints. Sanitize the `login` parameter in ''login.php'' to prevent SQL injection. Sanitize the `user name` parameter in ''retrieve password.php'' to prevent SQL injection.