CVE-2017-5570 in Patient Portal
Summary
by MITRE
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/14/2026
The vulnerability identified as CVE-2017-5570 represents a critical blind sql injection flaw within the eClinicalWorks Patient Portal version 7.0 build 13. This security weakness exists in the messageJson.jsp component of the application and demonstrates a classic blind sql injection vulnerability that operates without direct error messages or response data to guide exploitation. The flaw specifically affects authenticated users who can leverage http post requests to manipulate the application's database interactions, making this a significant concern for healthcare organizations that rely on electronic patient portals for sensitive medical data management.
The technical implementation of this vulnerability allows attackers with valid authentication credentials to craft malicious payloads that can extract database information through out-of-band techniques. The exploitation process typically involves using functions such as select_loadfile() to exfiltrate data from the target database to an external malicious server. This blind injection approach means that the attacker cannot directly observe the database responses, requiring sophisticated out-of-band data extraction methods to retrieve the information. The vulnerability's classification aligns with cwe-89 which specifically addresses sql injection flaws, and the attack vector demonstrates characteristics consistent with the attack technique described in the attack framework under cwe-94 which covers injection flaws.
The operational impact of this vulnerability extends beyond simple data theft, as it provides attackers with the capability to extract potentially sensitive patient information from healthcare databases. Given that this vulnerability affects a patient portal system, the compromised data could include personal health information, medical records, and other confidential patient details that would violate privacy regulations such as hipaa. The requirement for authentication means that attackers would need to first obtain valid user credentials, but once achieved, they could systematically extract database contents using time-based or error-based blind sql injection techniques combined with out-of-band data exfiltration methods.
Organizations should implement comprehensive mitigation strategies that include immediate patching of the affected eClinicalWorks Patient Portal version, along with network monitoring for suspicious outbound connections that might indicate data exfiltration attempts. Input validation and output encoding should be strengthened throughout the application to prevent sql injection exploitation, while regular security assessments should be conducted to identify similar vulnerabilities in other components of the healthcare information system. The vulnerability also highlights the importance of least privilege access controls and multi-factor authentication for healthcare portals to minimize the impact of credential compromise. Additionally, network segmentation and intrusion detection systems should be configured to monitor for unusual data transfer patterns that could indicate successful exploitation of blind sql injection vulnerabilities.