Enviar #800792: PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Managementinformación

TítuloPicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Management
DescripciónIn e-Clinic Healthcare System (ECHS) v5.7, a privileged administrative credential is embedded in a client-side JavaScript file at `/cdemos/echs/priv/echs.js` and is used as authentication material via an `X-Admin-Key` request header. The JavaScript (and embedded key) can be retrieved over HTTP(S), and the administrative key can be extracted and then used remotely in HTTP(S) requests to enable unauthorized use of administrative functionality
Fuente⚠️ https://docs.google.com/document/d/1w1veNs8I3nxsVxbSiIgJmt-4S5a0rW0bvjDvEe7iDr0/edit?usp=sharing
Usuario
 Anonymous User
Sumisión2026-04-09 07:30 (hace 2 meses)
Moderación2026-05-06 14:17 (27 days later)
EstadoAceptado
Entrada de VulDB361358 [PicoTronica e-Clinic Healthcare System ECHS 5.7 echs.js ADMIN_KEY autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!