| शीर्षक | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Management |
|---|
| विवरण | In e-Clinic Healthcare System (ECHS) v5.7, a privileged administrative credential is embedded in a client-side JavaScript file at `/cdemos/echs/priv/echs.js` and is used as authentication material via an `X-Admin-Key` request header. The JavaScript (and embedded key) can be retrieved over HTTP(S), and the administrative key can be extracted and then used remotely in HTTP(S) requests to enable unauthorized use of administrative functionality |
|---|
| स्रोत | ⚠️ https://docs.google.com/document/d/1w1veNs8I3nxsVxbSiIgJmt-4S5a0rW0bvjDvEe7iDr0/edit?usp=sharing |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 09/04/2026 07:30 AM (2 महीनों पहले) |
|---|
| संयम | 06/05/2026 02:17 PM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 361358 [PicoTronica e-Clinic Healthcare System ECHS 5.7 echs.js ADMIN_KEY कमजोर प्रमाणीकरण] |
|---|
| अंक | 20 |
|---|