HIGH
care2x
CVE published 2026-06-04
CVE-2019-25728
CVE-2019-25728 is a HIGH severity vulnerability in Care2x 2.7, with a CVSS score of 8.8. The vulnerability allows unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter in multiple endpoints, including login.php, indexframe.php, and various module files. This enables attackers to extract sensitive database information without authentication.