CVE-2025-30044

CliniNET.prd - Code Injection

Title source: llm

Description

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.

References (2)

[Various Sources] https://cert.pl/en/posts/2026/03/CVE-2025-10350/

[Various Sources] https://www.cgm.com/pol_pl/products/szpital/cgm-clininet.html

Scores

EPSS 0.0003

EPSS Percentile 9.1%

Classification

CWE

CWE-78

Status draft

Timeline

Published Mar 02, 2026

Tracked Since Mar 02, 2026