PT-2026-22572 · Unknown+1 · Gcm Clininet+1

Maciej Kazulak

Publicado

2026-03-02

Atualizado

2026-03-09

CVE-2025-10350

CVSS v4.0

8.8

Alta

Vetor

AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Name of the Vulnerable Software and Affected Versions CGM NETRAAD versions prior to 7.9.0

Description A SQL Injection issue exists in the "imageserver" module when processing C-FIND queries. This affects CGM NETRAAD software and potentially allows an attacker connected to a PACS system to gain access to the database, including data processed by GCM CLININET software. The issue is present when processing C-FIND queries via the imageserver module. The API endpoint involved is not specified. The vulnerable parameter is not specified.

Recommendations Update CGM NETRAAD to version 7.9.0 or later.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-10350

Produtos afetados

Cgm Netraad

Gcm Clininet

PT-2026-22572 · Unknown+1 · Gcm Clininet+1

CVE-2025-10350

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16