Filtered by vendor Cgm
Subscriptions
Filtered by product Clininet
Subscriptions
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30056 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system. | ||||
| CVE-2025-30039 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. | ||||
| CVE-2025-30058 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter. | ||||
| CVE-2025-30036 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| Stored XSS vulnerability exists in the "OddziaĆ" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights. | ||||
| CVE-2025-30037 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp. | ||||
| CVE-2025-30041 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs. | ||||
| CVE-2025-30064 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user. | ||||
| CVE-2025-30061 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter. | ||||
| CVE-2025-30040 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint. | ||||
| CVE-2025-30048 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication. | ||||
| CVE-2025-30057 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. | ||||
| CVE-2025-30060 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter. | ||||
| CVE-2025-30055 | 1 Cgm | 1 Clininet | 2025-08-27 | N/A |
| The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter. | ||||
Page 1 of 1.