Sam Huang

Researcher fromCHT Security
#7443of 53,632
36.9Total CVSS
Vulnerabilities · 4
High
1
Critical
3
PT-2025-35178
9.8
2025-08-29
Changing · Clinic Image System · CVE-2025-8857
**Name of the Vulnerable Software and Affected Versions** Clinic Image System (affected versions not specified) **Description** The Clinic Image System developed by Changing contains hard-coded credentials. This allows unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-35179
7.5
2025-08-29
Changing · Clinic Image System · CVE-2025-8858
**Name of the Vulnerable Software and Affected Versions** Clinic Image System versions (affected versions not specified) **Description** Clinic Image System developed by Changing is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to the unauthorized reading of database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-32533
9.8
2025-08-11
2100 Technology · Official Document Management System · CVE-2025-8853
Name of the Vulnerable Software and Affected Versions: Official Document Management System (affected versions not specified) Description: The Official Document Management System developed by 2100 Technology has an authentication bypass issue. This allows unauthenticated remote attackers to obtain a user’s connection token and use it to log into the system as that user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-17911
9.8
2024-12-31
Unknown · Electronic Official Document Management System · CVE-2024-13061
**Name of the Vulnerable Software and Affected Versions** Electronic Official Document Management System (affected versions not specified) **Description** The Electronic Official Document Management System has an Authentication Bypass issue. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.