Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.4
ClniNET Web Interface: Unnormalized Parameters Enable Code Injection
CVE-2025-30044
Summary
The ClniNET web interface has a security issue that allows an attacker to inject malicious code. This could allow them to access sensitive data or take control of the system. Users running ClniNET should update the affected endpoints to prevent exploitation.
Original title
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dbl...
Original description
In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.
nvd CVSS4.0
9.4
Vulnerability type
CWE-78
OS Command Injection
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026