CVE-2025-30058
Description
In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in CGM CLININET's PatientService.pl allows attackers to execute arbitrary SQL via the 'pesel' parameter.
Vulnerability
The getPatientIdentifier function in the PatientService.pl service of CGM CLININET is vulnerable to SQL injection through the pesel parameter. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, leading to a classic injection flaw [1].
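The flaw class described above, shown next to a hardened lookup. This is an added example, not CGM CLININET's code, and it is written in Python rather than the service's Perl. The table, column and function names and the sample rows are hypothetical; the validation assumes pesel carries a PESEL number (11 digits, the last being a check digit).

```python
import re
import sqlite3

# PESEL check-digit weights for the first ten digits.
PESEL_WEIGHTS = (1, 3, 7, 9, 1, 3, 7, 9, 1, 3)


def is_valid_pesel(value):
    """Allow-list check: exactly 11 ASCII digits with a correct check digit."""
    if not isinstance(value, str) or not re.fullmatch(r"[0-9]{11}", value):
        return False
    total = sum(w * int(d) for w, d in zip(PESEL_WEIGHTS, value))
    return (10 - total % 10) % 10 == int(value[10])


def lookup_vulnerable(db, pesel):
    # Flawed pattern: the input becomes part of the SQL text itself,
    # so a quote character in it changes the structure of the query.
    sql = "SELECT patient_id FROM patients WHERE pesel = '" + pesel + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, pesel):
    # Reject anything that is not a well-formed PESEL, then pass the value
    # as a bound parameter so the driver always treats it as data.
    if not is_valid_pesel(pesel):
        raise ValueError("malformed pesel")
    cur = db.execute("SELECT patient_id FROM patients WHERE pesel = ?", (pesel,))
    return [row[0] for row in cur]


def make_demo_db():
    # Constructed sample data; schema and values are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (patient_id INTEGER, pesel TEXT)")
    db.executemany(
        "INSERT INTO patients VALUES (?, ?)",
        [(1, "44051401359"), (2, "02070803628")],
    )
    return db
```

The bound parameter is what removes the injection; the format check is defence in depth and also gives a clean place to log rejected input.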
Exploitation
An attacker can exploit this vulnerability by sending a crafted request to the vulnerable endpoint with malicious SQL code in the pesel parameter. No authentication is required if the service is exposed, though the attack surface depends on network access to the service. The vulnerability is present in all versions before the 2025.MS1 update [1].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access to sensitive patient data, modification of records, or further compromise of the application server.
Mitigation
The vendor has released version 2025.MS1 which addresses this vulnerability. Users are strongly advised to update immediately. No workarounds have been published [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.