62 matches found
CVE-2025-30040
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...
CVE-2025-30038
The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...
CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...
CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...
CVE-2025-30040 Missing authentication in API returning request logs containing session IDs
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...
CVE-2025-30040
Technical details about CVE-2025-30040 are not publicly available in the provided connected documents. Monitor for updates from official advisories and EUVD entries.
CVE-2025-30039 Missing authentication in API returning a list of all active sessions
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges...
CVE-2025-30039 Missing authentication in API returning a list of all active sessions
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges...
CVE-2025-30039
Technical details about CVE-2025-30039 are not publicly available in the provided documents; no explicit affected products, versions, or remediation are given in connected documents. Monitor for updates.
CGM CLININET 跨站脚本漏洞
CGM CLININET is a hospital information management system from German company CGM. A cross-site scripting vulnerability exists in CGM CLININET that stems from stored cross-site scripting in the Death Diagnosis Description field in the Oddzial module, which could lead to session hijacking or...
CGM CLININET 访问控制错误漏洞
CGM CLININET is a hospital information management system from CGM Germany. An access control error vulnerability exists in CGM CLININET that originates from unauthenticated access to the serverConfig endpoint to obtain credentials...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that originates from a session ID disclosure via an NTFS alternate data stream...
PT-2025-34847 · Clininet · Clininet
Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the /cgi-bin/CliniNET.prd/utils/userlogxls.pl endpoint. Recommendations: ...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that stems from the decodeParam function not verifying the signature algorithm, which could lead to the generation of arbitrary user sessions...
CGM CLININET 访问控制错误漏洞
CGM CLININET is a hospital information management system from German company CGM. An access control error vulnerability exists in CGM CLININET that originates from an internal endpoint that is publicly accessible without authentication...
CGM CLININET SQL注入漏洞
CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the getPerfServiceIds function, which could lead to a SQL injection attack...
PT-2025-34845 · Unknown · Cgm Clininet
Name of the Vulnerable Software and Affected Versions: CGM CLININET affected versions not specified Description: The issue involves a session ID leak when saving a file downloaded from CGM CLININET. The session identifier is exposed through a built-in Windows security feature that stores addition...
CGM CLININET 代码注入漏洞
CGM CLININET is a hospital information management system from German company CGM. A code injection vulnerability exists in CGM CLININET, which originates when a system function receives unauthenticated user input and could lead to the execution of arbitrary code...
CGM CLININET 安全漏洞
CGM CLININET is a hospital information management system from the German company CGM. A security vulnerability exists in CGM CLININET, which originates from a configuration file that contains database login information and can be read by a local user, potentially leading to information disclosure...
PT-2025-34846 · Clininet · Clininet
Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: Unauthenticated access to the /cgi-bin/CliniNET.prd/GetActiveSessions.pl endpoint allows takeover of any user session logged into the system, including those with administrative privileges...