PatchSiren cyber security CVE debrief
CVE-2017-5569 Eclinicalworks CVE debrief
CVE-2017-5569 is a critical SQL injection flaw in eClinicalWorks Patient Portal 7.0 build 13. The issue is described as a blind SQL injection in template.jsp that can be triggered without authentication through an HTTP POST request. Because the flaw can be used with out-of-band techniques to pull database data to a malicious server, it presents a high-risk exposure for patient portal deployments.
- Vendor: Eclinicalworks
- Product: CVE-2017-5569
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-23
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-23
- Advisory updated: 2026-05-13
Who should care
Healthcare IT teams, eClinicalWorks Patient Portal operators, application security teams, and incident responders responsible for internet-facing patient portal instances should treat this as urgent. Any environment running the affected portal version should assume direct risk from unauthenticated remote abuse.
Technical summary
NVD records CVE-2017-5569 as affecting eClinicalWorks Patient Portal 7.0 and classifies it as CWE-89 (SQL Injection). The NVD CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting network-reachable exploitation with no privileges or user interaction required. The CVE description states the vulnerable path is template.jsp, the attack is blind SQL injection over HTTP POST, and data exfiltration may occur through out-of-band methods such as select_loadfile().
Defensive priority
Immediate. Internet-facing patient portal instances should be reviewed and isolated or remediated as soon as possible because the issue is remotely exploitable without authentication and carries high confidentiality, integrity, and availability impact.
Recommended defensive actions
- Confirm whether eClinicalWorks Patient Portal 7.0 build 13 is deployed anywhere in the environment.
- Prioritize vendor guidance, hotfixes, or upgrade paths for any affected instance.
- Restrict external access to the patient portal until remediation is complete, especially if patching cannot be verified immediately.
- Review web and database logs for unusual POST activity targeting template.jsp and unexpected database read behavior.
- Validate that database accounts used by the application follow least-privilege principles and cannot access sensitive filesystem locations unnecessarily.
- If exposure is confirmed, perform an incident review for possible data access or exfiltration and rotate credentials or secrets that may have been exposed.
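As an added example (not code from the advisory, NVD, or the vendor), the log-review step above can be turned into a small triage script. It runs over constructed Apache-style access-log lines and flags sources that hammer template.jsp with POSTs, get unusually slow responses (the signature of time-based blind probing), or use a non-browser user agent; the trailing response-time field is an assumed custom LogFormat, not a default.

```python
import re
from collections import defaultdict

# Apache "combined" format plus one trailing field: response time in ms.
# That extra field is an assumption about the deployment's LogFormat; the
# latency check is skipped for lines that lack it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"(?: (?P<ms>\d+))?$'
)

# Constructed sample lines: one benign browser session, then one source firing
# a burst of slow POSTs at template.jsp from a scripting client.
SAMPLE_LOG = "\n".join(
    ['10.0.0.5 - - [10/Mar/2024:10:01:02 +0000] "GET /portal/template.jsp HTTP/1.1" 200 1532 "-" "Mozilla/5.0" 120',
     '10.0.0.5 - - [10/Mar/2024:10:01:09 +0000] "POST /portal/template.jsp HTTP/1.1" 200 1532 "-" "Mozilla/5.0" 140']
    + [f'203.0.113.9 - - [10/Mar/2024:10:02:{i:02d} +0000] "POST /portal/template.jsp HTTP/1.1" 200 1532 "-" "python-requests/2.25" {5000 + i}'
       for i in range(12)]
)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ms"] = int(rec["ms"]) if rec["ms"] else None
    return rec

def find_suspicious_sources(log_text, post_threshold=10, slow_ms=3000):
    """Return {ip: [reasons]} for sources whose POSTs to template.jsp look like
    automated or time-based blind SQL injection probing."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].lower().endswith("template.jsp"):
            posts[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in posts.items():
        reasons = []
        if len(recs) >= post_threshold:
            reasons.append(f"{len(recs)} POSTs to template.jsp")
        slow = [r for r in recs if r["ms"] is not None and r["ms"] >= slow_ms]
        if slow:
            reasons.append(f"{len(slow)} responses >= {slow_ms} ms (time-based blind pattern)")
        if any(not r["ua"].startswith("Mozilla/") for r in recs):
            reasons.append("non-browser user agent")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in find_suspicious_sources(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Thresholds are starting points; tune post_threshold and slow_ms to the portal's normal traffic before treating a hit as an incident.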
Evidence notes
Primary source evidence comes from the NVD CVE record and its modified entry dated 2026-05-13T00:24:29.033Z, which identifies eClinicalWorks Patient Portal 7.0 as vulnerable and maps the issue to CWE-89. The provided CVE description states the attack is unauthenticated, uses HTTP POST against template.jsp, and may exfiltrate data via out-of-band SQL injection techniques. No KEV entry was supplied for this CVE in the corpus.
Official resources
- CVE-2017-5569 CVE record (CVE.org)
- CVE-2017-5569 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Third Party Advisory
CVE published by NVD/CVE on 2017-01-23T17:59:00.143Z and last modified on 2026-05-13T00:24:29.033Z. No Known Exploited Vulnerabilities (KEV) listing was provided in the supplied corpus.