VYPR

CliniNET

by CliniNET

CVEs (3)

  • CVE-2025-30041CriAug 27, 2025
    risk 0.59cvss epss 0.00

    The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs.

  • CVE-2025-30040CriAug 27, 2025
    risk 0.59cvss epss 0.00

    The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint.

  • CVE-2025-30039CriAug 27, 2025
    risk 0.59cvss epss 0.00

    Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges.