It written in PHP version 5.x, it is vulnerable to SQL Injection. In a deeper analysis other pages are also affected with the vulnerability over the same input. Admin or users valid credentials aren't required. This allows unauthenticated remote attacker to execute arbitrary SQL commands and obtain private information. Care2x provides some other features as CCTV integration which has not been seen in other open source HIS.
# Exploit Title: Care2x 2.7 (HIS) Hospital Information system - Multiples SQL InjectionĬare2x is PHP based Hospital Information system, It features complete clinical flow management, laboratory management, patient records, multi-user support with permissions, stock management and accounting and billing management, PACS integration and DICOM viewer.
0 kommentar(er)
