PT-2026-27121 · Unknown+1 · Klinikaxp Insertino+1
Wojciech Giełda · Published 2026-03-23 · Updated 2026-06-01 · CVE-2026-1958
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
KlinikaXP versions prior to 5.39.01.01
KlinikaXP Insertino versions prior to 3.1.0.1
Description
The use of hard-coded credentials in KlinikaXP and KlinikaXP Insertino allowed an unauthorized attacker to access internal services, including the FTP server hosting application updates. An attacker could upload a malicious update file, which could then potentially be distributed to and installed on client machines as a legitimate update.
Recommendations
Update KlinikaXP to version 5.39.01.01 or later.
Update KlinikaXP Insertino to version 3.1.0.1 or later.
Rotate previously exposed credentials.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Klinikaxp
Klinikaxp Insertino