Unsanitized User Input in PICiX Versions B.02, C.02, C.03 Allows Unauthorized Access to Patient Data

CVE-2020-16218 · LOW Severity

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
