Care2x Hospital Information Management System 0-day Vulnerability (CVE-2021-36351)

Care2x is a web application written in PHP for building a hospital information management system. It is distributed through GitHub and SourceForge with its source code included, so you can run it on your own server.

Our research found a SQL injection vulnerability in the "pday", "pmonth" and "pyear" parameters of the GET request sent to the "nursing-station.php" page of the Care2x hospital information management system.

How Did We Detect Care2x Hospital Information Management System SQL Injection Vulnerability?

As the Security For Everyone team, we regularly look for 0-day vulnerabilities in software we have selected for review. One of the applications we chose was the Care2x Hospital Information Management System, a web application that serves hospitals. After deciding which application to examine, we performed the following steps in order:

  • We decided to examine the source code of the application (downloaded from SourceForge) manually after seeing that automatic source code analysis tools produced too many false positives.
  • Our static and dynamic analysis of the source code revealed a SQL injection vulnerability in the "pday", "pmonth" and "pyear" parameters sent to the nursing-station.php page.
  • We confirmed that the vulnerability could be triggered by sending a SQL injection payload to these vulnerable parameters.
  • Using this SQL injection vulnerability, we could access all tables and data in the database.
  • Finally, we applied to MITRE and received our CVE identifier.

What To Do?

Although the software was last updated in 2018, we tried to contact the developer after detecting the vulnerability, but we could not find anyone responsible for maintaining it. Since the software no longer receives updates or patches, the Security For Everyone team recommends replacing it with a maintained web application that still receives updates and patches.
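The three parameters named above are calendar fields, so a strict whitelist (digits only, then a real date) is the natural control, and the same check can be run over web server access logs to spot requests that would never come from the legitimate UI. The following is an added example written for this post, not Care2x code; the request path, log format and log lines are constructed, and only the parameter names and page name come from the advisory.

```python
import re
from datetime import date
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Parameter names reported in the advisory; the page path is an assumption.
DATE_PARAMS = ("pday", "pmonth", "pyear")
VULN_PAGE = "nursing-station.php"

# Apache/nginx combined-style access log (constructed format for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def validate_date_params(params: dict) -> Optional[date]:
    """Return a date only if pday/pmonth/pyear are all digit strings that
    form a real calendar date; anything else (quotes, blanks, month 13) is None.
    A validated date, not the raw strings, is what a query should receive."""
    try:
        values = {}
        for name in DATE_PARAMS:
            raw = params.get(name)
            if raw is None or not re.fullmatch(r"\d{1,4}", raw):
                return None
            values[name] = int(raw)
        return date(values["pyear"], values["pmonth"], values["pday"])
    except ValueError:  # e.g. month 13 or day 31 in a 30-day month
        return None


def suspicious_requests(log_lines):
    """Flag (ip, path) for hits on the vulnerable page whose date parameters
    fail the whitelist; requests to other pages are ignored."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not urlsplit(m.group("path")).path.endswith(VULN_PAGE):
            continue
        qs = parse_qs(urlsplit(m.group("path")).query, keep_blank_values=True)
        params = {k: v[0] for k, v in qs.items()}
        if any(p in params for p in DATE_PARAMS) and validate_date_params(params) is None:
            hits.append((m.group("ip"), m.group("path")))
    return hits


# Constructed sample log: one normal request, two malformed ones, one unrelated page.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2021:10:00:01 +0000] "GET /nursing-station.php?pday=1&pmonth=7&pyear=2021 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jul/2021:10:00:07 +0000] "GET /nursing-station.php?pday=1%27&pmonth=7&pyear=2021 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jul/2021:10:00:09 +0000] "GET /nursing-station.php?pday=31&pmonth=13&pyear=2021 HTTP/1.1" 500 312',
    '10.0.0.5 - - [01/Jul/2021:10:00:11 +0000] "GET /index.php HTTP/1.1" 200 900',
]
```

Running `suspicious_requests(SAMPLE_LOG)` flags only the two requests from 10.0.0.9; the same `validate_date_params` check placed in front of the query is the fix, with the resulting date bound as a parameter rather than interpolated.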