Care2x Hospital Information Management System 0-day Vulnerability (CVE-2021-36352)

Care2x is an open-source hospital information management system written in PHP. When the software is downloaded from GitHub or SourceForge, the source code is included, so you can run the software on your own server.

As a result of our research, we detected a Stored Cross-Site Scripting (XSS) vulnerability in the "name_middle", "addr_str", "station", "name_maiden", "name_2" and "name_3" parameters of the POST request sent to the "patient_register.php" page of the Care2x hospital information management system.

How Did We Detect Care2x Hospital Information Management System Stored Cross-Site Scripting (XSS) Vulnerability?

As the Security For Everyone team, we regularly look for 0-day vulnerabilities in software we have selected for review. One of the applications we chose was the Care2x Hospital Information Management System, a web application serving hospitals. After deciding on the application we were going to examine, we performed the following steps in order:

  • We decided to manually examine the source code of the application downloaded from SourceForge, after seeing that the automated source code analysis tools run against it produced too many false positives.
  • As a result of our static and dynamic analysis of the source code, we detected a Stored Cross-Site Scripting (XSS) vulnerability in the "name_middle", "addr_str", "station", "name_maiden", "name_2" and "name_3" parameters of the POST request sent to the "patient_register.php" page.
  • We found that the vulnerability is triggered by submitting an XSS payload in any of these vulnerable parameters.
  • Using the Stored XSS vulnerability we detected, we took over another user's account.
  • Finally, we applied to MITRE and received our CVE identifier.
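The root cause of a stored XSS like the one described above is that a value accepted from a form field is written to the database and later placed into an HTML page without being encoded for the HTML context. The following is an added illustration, not Care2x's own code: a minimal stand-in for a registration handler that stores the six affected field names from this advisory and then renders them in two ways, the vulnerable unencoded form and the hardened form that HTML-encodes at output time. The table name `patient_demo`, the function names and the constructed sample POST body are all assumptions made for this example.

```php
<?php
// Added example (not Care2x code). Models a registration handler that
// stores free-text fields and later renders them in an HTML table.
// The field names are taken from the advisory; everything else
// (table name, functions, sample input) is hypothetical.

declare(strict_types=1);

// Fields the advisory names as affected. All are untrusted input.
const AFFECTED_FIELDS = ['name_middle', 'addr_str', 'station', 'name_maiden', 'name_2', 'name_3'];

// Constructed sample POST body: a quote and a tag, as a browser would submit them.
$post = [
    'name_middle' => "O'Brien <script>x</script>",
    'addr_str'    => '12 Main St & Co.',
    'station'     => 'Ward "B"',
    'name_maiden' => 'Smith',
    'name_2'      => '',
    'name_3'      => '',
];

/** Vulnerable pattern: the stored value is interpolated into HTML unchanged. */
function renderVulnerable(array $row): string {
    $html = '';
    foreach (AFFECTED_FIELDS as $f) {
        $html .= '<td>' . ($row[$f] ?? '') . "</td>\n";
    }
    return $html;
}

/** HTML-encode a value for placement in element content or a quoted attribute. */
function e(string $s): string {
    // ENT_QUOTES covers both quote styles so the value is also safe inside attributes;
    // ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened pattern: every stored value is encoded at output time. */
function renderHardened(array $row): string {
    $html = '';
    foreach (AFFECTED_FIELDS as $f) {
        $html .= '<td>' . e((string)($row[$f] ?? '')) . "</td>\n";
    }
    return $html;
}

/**
 * Storage side: a parameterised INSERT keeps the value intact and prevents SQL
 * injection, but deliberately does not "sanitise" it. Escaping belongs at the
 * point of output, because the right encoding depends on the output context.
 */
function storePatient(PDO $db, array $post): void {
    $cols  = implode(', ', AFFECTED_FIELDS);
    $marks = implode(', ', array_fill(0, count(AFFECTED_FIELDS), '?'));
    $stmt  = $db->prepare("INSERT INTO patient_demo ($cols) VALUES ($marks)");
    $stmt->execute(array_map(fn(string $f): string => (string)($post[$f] ?? ''), AFFECTED_FIELDS));
}

/** Self-check: true when no raw tag from user data survives in the rendered HTML. */
function outputIsEncoded(string $html): bool {
    return !str_contains($html, '<script') && !str_contains($html, '"B"');
}

// Demonstration with an in-memory SQLite database so it runs offline.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE patient_demo (' . implode(' TEXT, ', AFFECTED_FIELDS) . ' TEXT)');
storePatient($db, $post);
$row = $db->query('SELECT * FROM patient_demo')->fetch(PDO::FETCH_ASSOC);

echo "Vulnerable output:\n", renderVulnerable($row);
echo "Hardened output:\n", renderHardened($row);
echo 'vulnerable encoded? ', var_export(outputIsEncoded(renderVulnerable($row)), true), "\n"; // false
echo 'hardened encoded?   ', var_export(outputIsEncoded(renderHardened($row)), true), "\n";   // true
```

The point to take from the two render functions is that the database row is identical in both cases; the difference is only whether the value is encoded when it is written into the page. Encoding once, at output, in every template that prints these fields is the fix; a Content-Security-Policy that disallows inline script is a useful second layer but does not replace it.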

What To Do?

Although the software was last updated in 2018, we tried to contact the developers after detecting the vulnerability, but we could not reach anyone able to issue an update. Since the software no longer receives updates or patches, the Security For Everyone team recommends using a more actively maintained web application that receives updates and patches instead of this software.

Sources

  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36352
  • https://www.exploit-db.com/exploits/50197
  • https://sourceforge.net/projects/care2002/
  • https://care2x.org
