Filtered by vendor Cgm
Total: 22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10350 | 1 Cgm | 1 Cgm Netraad | 2026-03-03 | N/A |
| SQL injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to the PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with the imageserver module in versions before 7.9.0. | ||||
| CVE-2025-30035 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without a password or any other credential. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user. | ||||
| CVE-2025-30042 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| The CGM CLININET system provides smart card authentication; however, authentication is performed locally on the client device and, in practice, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient to authenticate, regardless of whether the smart card is present or the private key is held. | ||||
| CVE-2025-30044 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection. | ||||
| CVE-2025-30062 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | ||||
| CVE-2025-58402 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| The CGM CLININET application uses direct, sequential object identifiers ("MessageID") without proper authorization checks. By modifying the parameter in a GET request, an attacker can access messages and attachments belonging to other users. | ||||
| CVE-2025-58405 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| The CGM CLININET application does not implement any mechanism that prevents clickjacking attacks: neither HTTP security headers nor HTML-based frame-busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses. | ||||
| CVE-2025-58406 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| The CGM CLININET application responds without essential security HTTP headers, exposing users to client-side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross-origin isolation, and missing transport security controls. | ||||
| CVE-2025-30039 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. | ||||
| CVE-2025-30041 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs. | ||||
| CVE-2025-30048 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication. | ||||
| CVE-2025-30058 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter. | ||||
| CVE-2025-30061 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter. | ||||
| CVE-2025-30064 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user. | ||||
| CVE-2025-30055 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter. | ||||
| CVE-2025-30056 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system. | ||||
| CVE-2025-30036 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights. | ||||
| CVE-2025-30057 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. | ||||
| CVE-2025-30060 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter. | ||||
| CVE-2025-30040 | 1 Cgm | 1 Clininet | 2025-08-29 | N/A |
| The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint. | ||||
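CVE-2025-30064 above describes a JWT check (decodeParam) that does not verify which signing algorithm was used, which is what lets a caller mint a session for any user. The Python below is an added illustration of that flaw class and is not CliniNET's code: a minimal HS256 issuer, an attacker-forged alg=none token that needs no key, and a verifier that trusts the header's "alg" beside one that pins the algorithm. The key, the "user" claim and all function names are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side signing key for the example; not a real secret.
SERVER_KEY = b"example-hs256-key-not-a-real-secret"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_token(payload: dict, key: bytes) -> str:
    """Legitimate issuer: HS256-signed token."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(payload)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def forge_unsigned_token(payload: dict) -> str:
    """Attacker: same payload shape, alg=none, empty signature, no key needed."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(payload) + "."


def decode_param_vulnerable(token: str, key: bytes):
    """Flawed check: the attacker-controlled header decides how, and whether,
    the signature is verified. alg=none therefore means 'no signature'."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(payload_b64))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None


def decode_param_fixed(token: str, key: bytes):
    """Hardened check: the verifier pins the algorithm it issues with and never
    lets the token choose it; a wrong alg, bad MAC or malformed token is rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    forged = forge_unsigned_token({"user": "admin"})
    print("vulnerable verifier:", decode_param_vulnerable(forged, SERVER_KEY))
    print("fixed verifier:     ", decode_param_fixed(forged, SERVER_KEY))
```

The fix is a single rule: the verifying side decides the algorithm, never the token. Libraries that take an `algorithms` allow-list enforce exactly this, and a verifier that is handed a key should also refuse to run any asymmetric algorithm with it, since the same "trust the header" mistake lets an RS256 public key be reused as an HS256 secret.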
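Several rows above (CVE-2025-30058 via the "pesel" parameter, CVE-2025-30060 and CVE-2025-30061 via "UserID", CVE-2025-30062 in validateOrgUnit, and CVE-2025-10350 in the NETRAAD imageserver) are SQL injection in a lookup function. The following Python is an added example of that pattern and its fix, not CliniNET code: an in-memory SQLite table of constructed, synthetic patient rows, a getPatientIdentifier-style lookup that splices the value into the query text, and a parameterized version that also validates the input shape (a PESEL is 11 digits). Table and column names are assumptions.

```python
import sqlite3

# Constructed sample rows: synthetic PESEL numbers, not real people.
SAMPLE_PATIENTS = [
    ("85010112345", "PAT-0001"),
    ("90020254321", "PAT-0002"),
    ("77030398765", "PAT-0003"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (pesel TEXT PRIMARY KEY, identifier TEXT NOT NULL)")
    conn.executemany("INSERT INTO patients VALUES (?, ?)", SAMPLE_PATIENTS)
    conn.commit()
    return conn


def get_patient_identifier_vulnerable(conn: sqlite3.Connection, pesel: str) -> list:
    # The lookup value becomes part of the SQL text, so a quote or a comment
    # marker inside it is interpreted by the database instead of matched as data.
    sql = f"SELECT identifier FROM patients WHERE pesel = '{pesel}'"
    return [row[0] for row in conn.execute(sql)]


def is_valid_pesel(pesel: str) -> bool:
    return len(pesel) == 11 and pesel.isdigit()


def get_patient_identifier_fixed(conn: sqlite3.Connection, pesel: str) -> list:
    # Reject anything that is not shaped like a PESEL, then bind the value as a
    # parameter so the driver never lets it alter the statement.
    if not is_valid_pesel(pesel):
        return []
    rows = conn.execute("SELECT identifier FROM patients WHERE pesel = ?", (pesel,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for payload in ("85010112345", "' OR '1'='1", "x' UNION SELECT sql FROM sqlite_master--"):
        print(repr(payload))
        print("  vulnerable:", get_patient_identifier_vulnerable(db, payload))
        print("  fixed:     ", get_patient_identifier_fixed(db, payload))
```

The second payload turns a single-record lookup into a dump of every identifier; the third uses UNION to read the schema out of sqlite_master, which is the "access to database" outcome the NETRAAD and CLININET entries describe. The input-shape check is defence in depth only: the parameter binding is what removes the injection.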
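CVE-2025-30057 (a filename reaching the system() call in ConvertToPDF), CVE-2025-30056 (RunCommand) and CVE-2025-30055 ("system" with the "Module" parameter) are all untrusted input handed to a shell. The Python below is an added illustration, not CliniNET's code: the shell-string pattern behind the findings, an allow-list filename check, an argv-list form that needs no shell, and a portable demonstration that the list form delivers shell metacharacters as literal bytes. The converter name "convert-to-pdf" and its flags are hypothetical.

```python
import os
import re
import subprocess
import sys

# Allow-list: one filename component, alphanumeric start (no option smuggling via
# a leading '-'), no path separators, no shell metacharacters, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def build_command_vulnerable(filename: str) -> str:
    # The pattern behind the finding: a filename pasted into a shell string that
    # is then handed to system(). Everything after ';' runs as its own command.
    return f"convert-to-pdf --out /tmp {filename}"


def is_safe_filename(filename: str) -> bool:
    return SAFE_NAME.match(filename) is not None


def build_command_fixed(filename: str) -> list:
    # Validate, then build an argv list. '--' ends option parsing for the
    # hypothetical converter so the name can never be read as a flag.
    if not is_safe_filename(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return ["convert-to-pdf", "--out", "/tmp", "--", filename]


def run_without_shell(filename: str) -> str:
    # Portable demo: the 'converter' is a Python one-liner that prints its first
    # argument. With an argv list and no shell, the whole string, metacharacters
    # included, arrives as a single argument.
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", filename]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout.strip()


if __name__ == "__main__":
    payload = "report.rtf; echo INJECTED"
    print("shell string:", build_command_vulnerable(payload))
    if os.name == "posix":
        # Harmless stand-in for system(): with shell=True the ';' splits the line.
        out = subprocess.run("echo converting " + payload, shell=True,
                             capture_output=True, text=True).stdout
        print("shell=True output:", out.splitlines())
    print("no shell, argv[1] =", repr(run_without_shell(payload)))
    print("safe name accepted:", build_command_fixed("report_2025.rtf"))
```

Running the script on a POSIX host shows two lines from the shell=True branch ("converting report.rtf" and "INJECTED") against a single literal argument from the argv form. Quoting with shlex.quote would also neutralise the string, but removing the shell from the call path is the smaller attack surface.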
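CVE-2025-58405 and CVE-2025-58406 above list the response headers whose absence enables clickjacking, MIME sniffing, unsafe caching, weak cross-origin isolation and missing transport security. The following Python is an added audit check, not tooling from the page or the vendor: it parses a raw HTTP response head and reports which of those five controls is missing, treating a CSP with frame-ancestors as equivalent to X-Frame-Options. Both responses are constructed for the example; the cookie name and server banner are invented.

```python
# Constructed responses for the audit; neither is captured from a real system.
RAW_BARE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: SID=abc123; Path=/\r\n"
    "\r\n"
    "<html><body>patient list</body></html>"
)

RAW_HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Cache-Control: no-store\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Cross-Origin-Opener-Policy: same-origin\r\n"
    "Cross-Origin-Resource-Policy: same-origin\r\n"
    "\r\n"
    "<html><body>patient list</body></html>"
)


def parse_response_headers(raw: str) -> dict:
    """Split a raw response into a header dict; keys keep their original case."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
    return headers


def header(headers: dict, name: str):
    """Case-insensitive lookup, since header names are case-insensitive on the wire."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def audit_security_headers(headers: dict) -> list:
    findings = []
    csp = (header(headers, "Content-Security-Policy") or "").lower()
    if "frame-ancestors" not in csp and header(headers, "X-Frame-Options") is None:
        findings.append("clickjacking: no CSP frame-ancestors and no X-Frame-Options")
    if (header(headers, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append("MIME sniffing: X-Content-Type-Options: nosniff missing")
    if "no-store" not in (header(headers, "Cache-Control") or "").lower():
        findings.append("unsafe caching: Cache-Control lacks no-store")
    if header(headers, "Strict-Transport-Security") is None:
        findings.append("transport: Strict-Transport-Security missing")
    if (header(headers, "Cross-Origin-Opener-Policy") is None
            or header(headers, "Cross-Origin-Resource-Policy") is None):
        findings.append("cross-origin isolation: COOP/CORP missing")
    return findings


if __name__ == "__main__":
    for label, raw in (("bare", RAW_BARE_RESPONSE), ("hardened", RAW_HARDENED_RESPONSE)):
        print(label, audit_security_headers(parse_response_headers(raw)) or ["no findings"])
```

Because the check is applied to a dict, the same function can be pointed at a live target by feeding it the headers from any HTTP client; the HSTS check only means anything on the HTTPS response, and a clinical application should set Cache-Control: no-store on every page that renders patient data, not just on the login form.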