CGM CLININET Vulnerability Advisory: SQLi, Code Injection, Auth Bypass (CVE-2023-3313, CVE-2023-3366, etc.)

Critical Vulnerability Information Vulnerability Overview Product: CGM CLININET software Release Date: August 27, 2023 Reporting Source: CERT Polska Vulnerability Details Affected Versions CVE-2023-3313: All versions below 2023 R2.1 CVE-2023-3306: All versions below 2024 R5A CVE-2023-3307: All versions below 2022 R5L CVE-2023-3308: All versions below 2024 R5A CVE-2023-3304: All versions below 2024 R5A CVE-2023-3305: All versions below 2023 R2.1 CVE-2023-3348: All versions below 2024 R5A CVE-2023-3366: All versions below 2024 R5A CVE-2023-3367: All versions below 2024 R5A CVE-2023-3368: All versions below 2024 R5A CVE-2023-3369: All versions below 2024 R5A CVE-2023-3370: All versions below 2024 R5A CVE-2023-3371: All versions below 2024 R5A CVE-2023-3372: All versions below 2023 R2.1 Description CVE-2023-3313: SQL injection vulnerability allows attackers to inject malicious SQL code via specific parameters, potentially leading to data leakage or unauthorized database operations. CVE-2023-3306: Integer overflow vulnerability may cause application crashes or arbitrary code execution. CVE-2023-3307: File inclusion may expose sensitive information. CVE-2023-3308: Missing proper authorization may allow unauthorized access to critical resources. CVE-2023-3304: Missing proper authorization may allow unauthorized access to critical resources. CVE-2023-3305: Missing proper authorization may allow unauthorized access to critical resources. CVE-2023-3348: SQL injection vulnerability may lead to data leakage or unauthorized database operations. CVE-2023-3366: Code injection vulnerability may lead to arbitrary code execution. CVE-2023-3367: Code injection vulnerability may lead to arbitrary code execution. CVE-2023-3368: Code injection vulnerability may lead to arbitrary code execution. CVE-2023-3369: Code injection vulnerability may lead to arbitrary code execution. CVE-2023-3370: SQL injection vulnerability may lead to data leakage or unauthorized database operations. CVE-2023-3371: SQL injection vulnerability may lead to data leakage or unauthorized database operations. CVE-2023-3372: Hidden functionality may enable unauthorized access. Acknowledgments Thank you to the responsible vulnerability reporter.

Goal Reached Thanks to every supporter — we hit 100%!

CGM CLININET Vulnerability Advisory: SQLi, Code Injection, Auth Bypass (CVE-2023-3313, CVE-2023-3366, etc.)