DHHS VIC Webmail.

An unauthenticated SQL injection vulnerability in DHHS VIC Webmail allows an attacker to view all emails and usernames, as well as inject arbitrary queries into the database.

The VIC (Veteran’s Information Center) web application is a WordPress-based web portal that gives veterans and their dependents access to various services, such as logging in to view their VA health care records, checking the status of claims, and uploading documents to track claims.

VIC has an authenticated API that allows third-party software to integrate with it. For example, an iOS app called MyHealtheVet provides access to most of the features VIC offers.

The VIC Webmail system is a WordPress plugin developed for DHHS by Localtis. Here’s how it is described: “WebMail enables registered users to conveniently use the email from any device anytime and anywhere, as long as they have an internet connection.”