CVE-2025-30061
Description
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An SQL injection vulnerability in CGM CLININET's OpenReportWindow.pl service allows an attacker to execute arbitrary SQL commands via the UserID parameter.
CVE-2025-30061 is an SQL injection vulnerability found in the 'utils/Reporter/OpenReportWindow.pl' service of CGM CLININET. The flaw originates from improper sanitization of the 'UserID' parameter, enabling an attacker to inject malicious SQL statements [1].
An attacker can exploit this by sending a crafted HTTP request to the vulnerable endpoint with a malicious 'UserID' value. The attack is remotely exploitable and does not require authentication, giving an attacker with network access the ability to execute arbitrary SQL commands against the database [1].
Successful exploitation could allow the attacker to read, modify, or delete sensitive data, including patient records and system configuration, potentially leading to data breaches or service disruption [1].
The vendor, CGM, has addressed this vulnerability in a software update. Users are advised to upgrade to the latest version of CGM CLININET and apply the relevant security patches to mitigate the risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
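Until the vendor update is applied, a defender can review web server access logs for requests to this endpoint whose UserID value is not a plain identifier. The script below is an added example, not part of the CVE record or any vendor material; the combined log format, the allowlist for legitimate UserID values, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "utils/reporter/openreportwindow.pl"  # path from the CVE description, lowercased
PARAM = "userid"                                 # parameter from the CVE description
# Assumption: a legitimate UserID is a short plain identifier.
BENIGN = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_userid_values(log_line):
    """Return decoded UserID values in one log line that fail the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    # Compare case-insensitively so path-case variants are not missed.
    if ENDPOINT not in unquote(parts.path).lower():
        return []
    hits = []
    for name, value in parse_qsl(parts.query):  # decodes percent-encoding once
        if name.lower() != PARAM:
            continue
        value = unquote(value)  # second pass exposes double-encoded input
        if not BENIGN.fullmatch(value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    return [(line.split()[0], v) for line in lines for v in suspicious_userid_values(line)]

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /utils/Reporter/OpenReportWindow.pl?UserID=1042 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2025:10:00:05 +0000] "GET /utils/Reporter/OpenReportWindow.pl?UserID=1042%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9731',
    '192.0.2.77 - - [01/Jan/2025:10:00:09 +0000] "GET /utils/reporter/openreportwindow.pl?userid=7%2527-- HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /index.pl?UserID=%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-conforming UserID: {value!r}")
```

Access logs normally record only the query string, so a UserID submitted in a POST body is visible only through WAF or application-level logging.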
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.