Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 04 Jun 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 04 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Care2x care2x
|
|
| Vendors & Products |
Care2x care2x
|
Thu, 04 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.php, indexframe.php, and various module files to extract sensitive database information without authentication. | |
| Title | Care2x 2.7 Hospital Information System SQL Injection via ck_config | |
| First Time appeared |
Care2x
Care2x hospital Information Management |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:care2x:hospital_information_management:2.7:alpha:*:*:*:*:*:* | |
| Vendors & Products |
Care2x
Care2x hospital Information Management |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-04T14:31:35.334Z
Reserved: 2026-06-04T10:51:04.370Z
Link: CVE-2019-25728
Updated: 2026-06-04T14:31:31.391Z
Status : Deferred
Published: 2026-06-04T14:16:30.413
Modified: 2026-06-04T15:00:40.757
Link: CVE-2019-25728
No data.
OpenCVE Enrichment
Updated: 2026-06-04T15:15:16Z