Vulnerabilities in CGM CLININET software
ID: a1659702-6c3f-5d54-8464-b064973318e4
STIX ID: report--a1659702-6c3f-5d54-8464-b064973318e4
Feed Name: CERT Polska
A CERT Polska coordinated disclosure describes 17 CVEs impacting CGM CLININET (affecting versions prior to various 2024/2025 maintenance releases). The vulnerabilities include arbitrary code/command injection, multiple SQL injection issues, stored XSS, missing authentication on internal endpoints, and leakage of session IDs and configuration data. Collectively, these enable session hijacking, credential disclosure, and potential full administrative compromise. Users are advised to apply vendor patches and mitigations.
