RSS   Vulnerabilities for 'Mobile care'   RSS

2021-08-24
 
CVE-2021-36385

CWE-89
 

 
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.

 

 >>> Vendor: Cerner 2 Products
Medico
Mobile care


Copyright 2024, cxsecurity.com

 

Back to Top