CVE-2019-25728

Deferred Deferred - Pending Action

SQL Injection in Care2x 2.7 via ck_config Cookie

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: VulnCheck

Description

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject malicious SQL through the ck_config cookie in multiple endpoints including login.php, indexframe.php, and various module files to extract sensitive database information without authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-04

Last Modified

2026-06-04

Generated

2026-06-25

AI Q&A

2026-06-04

EPSS Evaluated

2026-06-23

NVD

CVE-2019-25728

EUVD

EUVD-2019-20164

Affected Vendors & Products

Vendor	Product	Version / Range
care2x	care2x	2.7
care2x	care2x	to 2.7 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Compliance Impact

The vulnerability allows unauthenticated attackers to execute arbitrary SQL commands and extract sensitive database information from the Care2x Hospital Information System. This exposure of sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and health-related information.

Since attackers can access sensitive information without authentication, this flaw undermines the confidentiality and integrity requirements mandated by these standards, potentially resulting in data breaches and regulatory penalties.

Executive Summary

Care2x version 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter.

Attackers can inject malicious SQL code via the ck_config cookie in multiple endpoints, including login.php, indexframe.php, and various module files, enabling extraction of sensitive database information without authentication.

Impact Analysis

This vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands on the Care2x system.

As a result, attackers can extract sensitive database information without needing valid admin or user credentials.

This can lead to unauthorized access to confidential data stored in the hospital information system, potentially compromising patient information and system integrity.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests for suspicious manipulation of the 'ck_config' cookie parameter, especially targeting endpoints like login.php and indexframe.php.

One approach is to capture and analyze web traffic to identify unusual SQL syntax or injection patterns within the 'ck_config' cookie.

While specific commands are not provided in the resources, typical detection methods include using tools like curl or Burp Suite to send crafted requests with SQL injection payloads in the 'ck_config' cookie and observing the responses for database errors or unexpected data leakage.

Example curl command to test injection in the ck_config cookie: curl -v --cookie "ck_config=' OR '1'='1" http://target/login.php
Use web vulnerability scanners configured to test SQL injection on cookie parameters.

Mitigation Strategies

Immediate mitigation steps include validating and sanitizing all inputs, especially the 'ck_config' cookie parameter, to prevent SQL injection.

Applying input validation across all application classes and endpoints that process this cookie is critical.

If possible, update or patch the Care2x system to a version that addresses this vulnerability.

As a temporary measure, consider implementing web application firewall (WAF) rules to block suspicious SQL injection patterns in cookies.

Hi! I’m here to help you understand CVE-2019-25728. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2019-25728

SQL Injection in Care2x 2.7 via ck_config Cookie

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart