Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key
Vulnerability Description
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.
CVSS Information
N/A
Vulnerability Type
隐藏功能
Vulnerability Title
CGM CLININET 安全漏洞
Vulnerability Description
CGM CLININET是德国CGM公司的一款医院信息管理系统。 CGM CLININET存在安全漏洞,该漏洞源于decodeParam函数未验证签名算法,可能导致生成任意用户会话。
CVSS Information
N/A
Vulnerability Type
N/A