Filtered by vendor Care2x
Subscriptions
Filtered by product Hospital Information Management
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25728 | 1 Care2x | 2 Care2x, Hospital Information Management | 2026-06-04 | 8.2 High |
| Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.php, indexframe.php, and various module files to extract sensitive database information without authentication. | ||||
| CVE-2021-36352 | 1 Care2x | 1 Hospital Information Management | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters. | ||||
Page 1 of 1.