Vulnerability Details CVE-2021-36351
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://securityforeveryone.com/blog/care2x-hospital-information-management-system-0-day-vulnerability-cve-2021-36351
- https://www.exploit-db.com/exploits/50165
- https://securityforeveryone.com/blog/care2x-hospital-information-management-system-0-day-vulnerability-cve-2021-36351
- https://www.exploit-db.com/exploits/50165
Products affected by CVE-2021-36351
-
cpe:2.3:a:care2x:hospital_information_management_system:*