myCare2x Cross-Site Scripting and SQL Injection

by Carol~ Moderator - 5/4/12 12:42 PM

In Reply to: VULNERABILITIES / FIXES - May 04, 2012 by Carol~ Moderator

myCare2x Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2012-05-04

Criticality level : Moderately critical
Impact : Cross Site Scripting, Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: myCare2x

Description:
Multiple vulnerabilities have been reported in myCare2x, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed via the "lang" parameter to modules/patient/mycare2x_pat_info.php, the "dept_nr" and "pid" parameters to modules/importer/mycare2x_importer.php, and the "pid" and "name_last" parameters to modules/patient/mycare_pid.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "name_last", "name_first", "name_middle", and "name_maiden" parameters to modules/patient/mycare_pid.php, the "favorites" and "lang" parameters to modules/nursing/mycare_ward_print.php, the "aktion" and "callurl" parameters to modules/patient/mycare2x_pat_info.php, and the "ln" parameter to modules/drg/mycare2x_proc_search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
Vulnerability Lab.

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=524

http://secunia.com/advisories/49029/
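
The filtering named under "Solution", sketched as allowlist validation of the scripts and parameters the advisory lists. This is an added example, not part of the original post, the advisory or myCare2x. The value formats, the `violations` and `decide` names and the sample requests are assumptions, since the advisory names the parameters but not their types.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed value formats (the advisory does not state them).
ID = re.compile(r"[0-9]{1,10}")
LANG = re.compile(r"[A-Za-z]{2}(?:[-_][A-Za-z]{2})?")
NAME = re.compile(r"[A-Za-z\u00C0-\u024F .\-]{1,64}")  # no quotes, so O'Brien is rejected
TOKEN = re.compile(r"[A-Za-z0-9_\-]{1,32}")
RELPATH = re.compile(r"[A-Za-z0-9_\-./]{1,128}")

# Scripts and parameters exactly as listed in the advisory.
RULES = {
    "modules/patient/mycare2x_pat_info.php":
        {"lang": LANG, "aktion": TOKEN, "callurl": RELPATH},
    "modules/importer/mycare2x_importer.php":
        {"dept_nr": ID, "pid": ID},
    "modules/patient/mycare_pid.php":
        {"pid": ID, "name_last": NAME, "name_first": NAME,
         "name_middle": NAME, "name_maiden": NAME},
    "modules/nursing/mycare_ward_print.php":
        {"favorites": TOKEN, "lang": LANG},
    "modules/drg/mycare2x_proc_search.php":
        {"ln": TOKEN},
}

def violations(url, body=""):
    """Return [(param, decoded_value)] for listed parameters failing their allowlist."""
    parts = urlsplit(url)
    rules = next((r for p, r in RULES.items()
                  if parts.path.endswith("/" + p)), None)
    if rules is None:
        return []  # script not named in the advisory: not this filter's job
    bad = []
    # Check query string and form body alike. parse_qsl URL-decodes once and
    # yields every occurrence, so a repeated parameter cannot hide a bad value.
    for source in (parts.query, body):
        for name, value in parse_qsl(source, keep_blank_values=True):
            pattern = rules.get(name)
            if pattern and value and not pattern.fullmatch(value):
                bad.append((name, value))
    return bad

def decide(url, body=""):
    """HTTP status the proxy would return: 400 on any violation, else pass through."""
    return 400 if violations(url, body) else 200
```

A filter like this only narrows what reaches the unpatched scripts; it does not replace parameterised queries and output encoding in the application itself.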