Lucene search
K

62 matches found

nvd
nvd
added 2025/08/27 11:15 a.m.4 views

CVE-2025-30040

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

9CVSS0.0017EPSS
Exploits0References1
nvd
nvd
added 2025/08/27 11:15 a.m.4 views

CVE-2025-30038

The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...

7.3CVSS0.00157EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/27 10:21 a.m.6 views

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

9CVSS0.00165EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/08/27 10:21 a.m.3 views

CVE-2025-30041 Missing authentication in APIs returning statistical data along with session IDs

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

9CVSS7.2AI score0.00165EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/27 10:21 a.m.9 views

CVE-2025-30040 Missing authentication in API returning request logs containing session IDs

The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint...

9CVSS0.0017EPSS
Exploits0References1
cve
cve
added 2025/08/27 10:21 a.m.15 views

CVE-2025-30040

Technical details about CVE-2025-30040 are not publicly available in the provided connected documents. Monitor for updates from official advisories and EUVD entries.

9CVSS6AI score0.0017EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/08/27 10:20 a.m.3 views

CVE-2025-30039 Missing authentication in API returning a list of all active sessions

Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges...

9CVSS7.1AI score0.00165EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/27 10:20 a.m.5 views

CVE-2025-30039 Missing authentication in API returning a list of all active sessions

Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges...

9CVSS0.00165EPSS
Exploits0References1
cve
cve
added 2025/08/27 10:20 a.m.21 views

CVE-2025-30039

Technical details about CVE-2025-30039 are not publicly available in the provided documents; no explicit affected products, versions, or remediation are given in connected documents. Monitor for updates.

9CVSS6.1AI score0.00165EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.4 views

CGM CLININET 跨站脚本漏洞

CGM CLININET is a hospital information management system from German company CGM. A cross-site scripting vulnerability exists in CGM CLININET that stems from stored cross-site scripting in the Death Diagnosis Description field in the Oddzial module, which could lead to session hijacking or...

8.8CVSS5.6AI score0.00146EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.4 views

CGM CLININET 访问控制错误漏洞

CGM CLININET is a hospital information management system from CGM Germany. An access control error vulnerability exists in CGM CLININET that originates from unauthenticated access to the serverConfig endpoint to obtain credentials...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.4 views

CGM CLININET 安全漏洞

CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that originates from a session ID disclosure via an NTFS alternate data stream...

7.3CVSS6.1AI score0.00157EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/27 12:0 a.m.4 views

PT-2025-34847 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the /cgi-bin/CliniNET.prd/utils/userlogxls.pl endpoint. Recommendations: ...

9.4CVSS5.9AI score0.00231EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.5 views

CGM CLININET 安全漏洞

CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that stems from the decodeParam function not verifying the signature algorithm, which could lead to the generation of arbitrary user sessions...

8.8CVSS6.3AI score0.00077EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.4 views

CGM CLININET 访问控制错误漏洞

CGM CLININET is a hospital information management system from German company CGM. An access control error vulnerability exists in CGM CLININET that originates from an internal endpoint that is publicly accessible without authentication...

8.8CVSS6.2AI score0.00249EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.6 views

CGM CLININET SQL注入漏洞

CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the getPerfServiceIds function, which could lead to a SQL injection attack...

6.9CVSS7.2AI score0.00198EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/27 12:0 a.m.5 views

PT-2025-34845 · Unknown · Cgm Clininet

Name of the Vulnerable Software and Affected Versions: CGM CLININET affected versions not specified Description: The issue involves a session ID leak when saving a file downloaded from CGM CLININET. The session identifier is exposed through a built-in Windows security feature that stores addition...

9.4CVSS5.8AI score0.00231EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.7 views

CGM CLININET 代码注入漏洞

CGM CLININET is a hospital information management system from German company CGM. A code injection vulnerability exists in CGM CLININET, which originates when a system function receives unauthenticated user input and could lead to the execution of arbitrary code...

9CVSS7.2AI score0.00217EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/27 12:0 a.m.6 views

CGM CLININET 安全漏洞

CGM CLININET is a hospital information management system from the German company CGM. A security vulnerability exists in CGM CLININET, which originates from a configuration file that contains database login information and can be read by a local user, potentially leading to information disclosure...

9.4CVSS5.9AI score0.00125EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/27 12:0 a.m.7 views

PT-2025-34846 · Clininet · Clininet

Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: Unauthenticated access to the /cgi-bin/CliniNET.prd/GetActiveSessions.pl endpoint allows takeover of any user session logged into the system, including those with administrative privileges...

9.4CVSS5.8AI score0.00231EPSS
Exploits0References5
Rows per page
Query Builder