Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hard-coded passwords in KlinikaXP
Vulnerability Description
Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KlinikaXP: before 5.39.01.01. and KlinikaXP Insertino before 3.1.0.1 Beside removing the hardcoded credentials from the code, previously exposed credentials were also rotated preventing further attack attempts.
CVSS Information
N/A
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
KlinikaXP Klinika XP和KlinikaXP Insertino 信任管理问题漏洞
Vulnerability Description
KlinikaXP Klinika XP和KlinikaXP Insertino都是波兰KlinikaXP公司的一个用于医疗诊所管理的软件,提供预约管理、患者记录和账单处理等功能。 Klinika XP 5.39.01.01.之前版本和KlinikaXP Insertino 3.1.0.1之前版本存在信任管理问题漏洞,该漏洞源于使用硬编码凭据,可能导致未经授权的攻击者访问多个内部服务,包括托管应用程序更新包的FTP服务器,从而上传恶意更新文件。
CVSS Information
N/A
Vulnerability Type
N/A