CGM CLININET — Vulnerabilities & Security Advisories (24)

All 24 CVE vulnerabilities found in CGM CLININET, with AI-generated Chinese analysis, references, and POCs.

Vendor: CGM

| CVE ID | Title | CWE | CVSS (AI) | Severity (AI) | Published |
|---|---|---|---|---|---|
| CVE-2025-58406 | Lack of HTTP Response Headers | CWE-693 | 6.5 | Medium | 2026-03-02 |
| CVE-2025-58405 | Lack of protection mechanisms against Clickjacking attacks | CWE-1021 | 6.5 | Medium | 2026-03-02 |
| CVE-2025-58402 | Insecure Direct Object Reference Message ID | CWE-639 | 7.5 | High | 2026-03-02 |
| CVE-2025-30062 | SQL injection in CheckUnitCodeAndKey.pl | CWE-89 | 9.8 | Critical | 2026-03-02 |
| CVE-2025-30044 | RCE on uhcapache user permissions | CWE-78 | 9.8 | Critical | 2026-03-02 |
| CVE-2025-30042 | Session generation possible with certificate number only | CWE-603 | 6.6 | Medium | 2026-03-02 |
| CVE-2025-30035 | Lack of API authentication allowing session generation for any user | CWE-306 | 9.8 | Critical | 2026-03-02 |
| CVE-2025-30064 | Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key | CWE-912 | 9.1 | Critical | 2025-08-27 |
| CVE-2025-30063 | Excessive permissions on configuration files containing database logins and passwords | CWE-732 | 7.1 | High | 2025-08-27 |
| CVE-2025-30061 | SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter | CWE-89 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30060 | SQL injection in ReturnUserUnitsXML.pl via the UserID parameter | CWE-89 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30059 | Authenticated SQL injection in PrepareCDExportJSON.pl | CWE-89 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30058 | SQL injection in getPatientIdentifier function of PatientService.pl | CWE-89 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30057 | Authenticated RCE with uhcapache privileges in ConvertToPDF | CWE-94 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30056 | Calling system commands via RunCommand | CWE-94 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30055 | Conditional RCE via the "system" function | CWE-94 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30048 | Unauthenticated access to module configuration endpoint | CWE-306 | 7.5 | High | 2025-08-27 |
| CVE-2025-30041 | Missing authentication in APIs returning statistical data along with session IDs | CWE-306 | 7.5 | High | 2025-08-27 |
| CVE-2025-30040 | Missing authentication in API returning request logs containing session IDs | CWE-306 | 5.3 | Medium | 2025-08-27 |
| CVE-2025-30039 | Missing authentication in API returning a list of all active sessions | CWE-306 | 9.8 | Critical | 2025-08-27 |
| CVE-2025-30038 | Session ID leakage in Zone.Identifier of downloaded files | CWE-1230 | 3.3 | Low | 2025-08-27 |
| CVE-2025-30037 | Missing authentication in APIs allowing data retrieval and modification | CWE-306 | 7.5 | High | 2025-08-27 |
| CVE-2025-30036 | Stored XSS permitting session takeover of arbitrary user | CWE-79 | 7.6 | High | 2025-08-27 |
| CVE-2025-2313 | RCE via Print.pl in uhcPrintServerPrint | CWE-94 | 9.8 | Critical | 2025-08-27 |