25 matches found
CVE-2026-40552
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...
CVE-2026-40550
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...
CVE-2026-40551
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-40550
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...
CVE-2026-40552
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...
CVE-2026-40551
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
EUVD-2026-26046
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...
CVE-2026-40552
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...
CVE-2026-40552
CVE-2026-40552 affects mpGabinet ≤ 23.12.19 and describes a Remote Command Execution via processing an attachment. An authorized user with DB access can cause system command execution by uploading an attachment and modifying its storage path to reference an attacker-controlled remote resource, or...
CVE-2026-40552 Remote Code Execution in mpGabinet
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...
CVE-2026-40551 Use of Client-Side Authentication in mpGabinet
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-40551 Use of Client-Side Authentication in mpGabinet
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
EUVD-2026-26045
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-40551
mpGabinet is affected by a vulnerability where client-side authentication can be bypassed. An attacker with access to any application instance connected to the backend can manipulate the application binary to authenticate as an arbitrary user, bypassing login verification. Affected versions are 2...
CVE-2026-40551
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...
CVE-2026-40550 Privilege Escalation in mpGabinet
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...
EUVD-2026-26044
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...
CVE-2026-40550 Privilege Escalation in mpGabinet
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...
CVE-2026-40550
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-40550 ; current descriptions indicate privilege escalation via memory-resident database credentials but lack specific affected components, versions beyond 23.12.19.
BinSoft mpGabinet 安全漏洞
BinSoft mpGabinet is a medical clinic management system developed by the Polish company BinSoft. Versions of BinSoft mpGabinet prior to December 23, 2021, contained security vulnerabilities. These vulnerabilities were due to issues with remote command execution, which could allow authorized users...