Submit #800781: PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Exposure of Private Personal Information to an Unauthorized Actoinfo

TitlePicoTronica e-Clinic Healthcare System (ECHS) v5.7 Exposure of Private Personal Information to an Unauthorized Acto
DescriptionIn e-Clinic Healthcare System (ECHS) v5.7, an unidentified code within the endpoint `GET /cdemos/echs/api/v2/patient-records` is accessible without valid authentication and returns highly sensitive patient information. The endpoint continues to return patient records even when an invalid bearer token is supplied in the `Authorization` header, indicating authentication is not enforced. An unauthenticated attacker can exploit this issue by sending HTTP(S) requests to a remotely reachable API endpoint.
Source⚠️ https://docs.google.com/document/d/1FByC9x21c5503cQg6lkxjffIwWlEAHtHi_83vk2eUdk/edit?usp=sharing
User
 Anonymous User
Submission04/09/2026 07:21 (3 months ago)
Moderation05/06/2026 14:17 (27 days later)
StatusAccepted
VulDB entry361357 [PicoTronica e-Clinic Healthcare System ECHS 5.7 API Endpoint patient-records missing authentication]
Points20

Want to know what is going to be exploited?

We predict KEV entries!