Vulnerability Information
Vulnerability Title
Lack of API authentication allowing session generation for any user
Vulnerability Description
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
CVSS Information
N/A
Vulnerability Type
Missing Authentication for Critical Function
Vulnerability Title
CGM CLININET access control error vulnerability
Vulnerability Description
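CGM CLININET is a hospital information management system from the German company CGM. CGM CLININET contains an access control error vulnerability. It stems from the fact that authentication can be completely bypassed, which may lead to session hijacking and privilege escalation.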
CVSS Information
N/A
Vulnerability Type
N/A