Submit #800792: PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Managementinfo

TitlePicoTronica e-Clinic Healthcare System (ECHS) v5.7 Improper Privilege Management
DescriptionIn e-Clinic Healthcare System (ECHS) v5.7, a privileged administrative credential is embedded in a client-side JavaScript file at `/cdemos/echs/priv/echs.js` and is used as authentication material via an `X-Admin-Key` request header. The JavaScript (and embedded key) can be retrieved over HTTP(S), and the administrative key can be extracted and then used remotely in HTTP(S) requests to enable unauthorized use of administrative functionality
Source⚠️ https://docs.google.com/document/d/1w1veNs8I3nxsVxbSiIgJmt-4S5a0rW0bvjDvEe7iDr0/edit?usp=sharing
User
 Anonymous User
Submission04/09/2026 07:30 (3 months ago)
Moderation05/06/2026 14:17 (27 days later)
StatusAccepted
VulDB entry361358 [PicoTronica e-Clinic Healthcare System ECHS 5.7 echs.js ADMIN_KEY hard-coded credentials]
Points20

Do you need the next level of professionalism?

Upgrade your account now!