62 matches found
CVE-2025-10350 SQL injection in CGM NETRAAD
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
EUVD-2025-208145
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
CGM CLININET 访问控制错误漏洞
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a vulnerability related to access control, which allows for complete bypass of authentication procedures. This vulnerability may lead to session hijacking and privilege escalation...
PT-2026-22575
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a security vulnerability that stems from the use of direct and continuous object identifiers called MessageID, without proper authorization checks. This vulnerability could allow attacke...
PT-2026-22573
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CGM CLININET SQL注入漏洞
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a SQL injection vulnerability, which stems from the SQL injection vulnerability present in the validateOrgUnit function within the CheckUnitCodeAndKey.pl service...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a security vulnerability, which stems from the absence of necessary security HTTP headers in responses. This vulnerability may lead to client-side attacks such as clickjacking, MIME...
PT-2026-22577
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...
EUVD-2025-27768
Malicious code in bioql PyPI...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19810)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of the UserID parameter of the getUserInfo function against external input SQL statements. An attacker can exploit this...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19811)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the UserID parameter of the OpenReportWindow.pl file. An attacker can exploit this...
Unspecified Vulnerability in CGM CLININET
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET has a security vulnerability that can be exploited by attackers to potentially cause information leakage...
CGM CLININET Code Injection Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the ConvertToPDF function's filename parameter failing to properly filter special elements of the constructed code segment. An attacker can exploit...
CGM CLININET SQL Injection Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of the pesel parameter of the getPatientIdentifier function against externally entered SQL statements. An attacker can...
CGM CLININET Access Control Error Vulnerability (CNVD-2025-19816)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an Access Control Error vulnerability that originates from improper access control in /cgi-bin/CliniNET.prd/utils/userlogxls.pl, which can be exploited by an attacker to gain unauthorized access t...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19815)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the uhcPrintServerPrint function failing to properly filter special elements of the constructed code segment. An attacker could exploit this...
CGM CLININET Code Injection Vulnerability (CNVD-2025-19812)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a code injection vulnerability that stems from the RunCommand function failing to properly filter the special elements of the constructor code segment. An attacker can exploit this vulnerability t...
CGM CLININET Trust Management Issue Vulnerability
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a trust management issue vulnerability that stems from the decodeParam function not verifying the signature algorithm, which can be exploited by an attacker to generate arbitrary user sessions...
CVE-2025-30041
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...