Harpia DiagSystem Resource Injection Vulnerability in PACS Module

Vulnerability

A resource injection vulnerability has been identified in Harpia DiagSystem version 12. The issue arises in the PACS module, specifically within the file '/diagsystem/PACS/atualatendimento_jpeg.php'. The vulnerability is triggered by manipulating the 'cod' and 'codexame' parameters, leading to improper control of resource identifiers. This flaw allows authenticated users to access and view exams of other patients, creating a significant privacy concern by exposing sensitive medical data. The vulnerability can be exploited remotely, and a proof-of-concept exploit is publicly available.

Impact

Exploitation of this vulnerability allows authenticated users to bypass authorization and access sensitive medical information from other patients, violating privacy rights and potentially leading to misuse of personal health data.

Reproduction

To reproduce this vulnerability, log into the Harpia DiagSystem and navigate to the PACS module. Once there, access an exam URL that includes the 'cod' and 'codexame' parameters. After identifying a valid exam, modify the 'cod' parameter to a different value and adjust the 'codexame' parameter to a number close to the original. Access the modified URL; if the page displays exams from other patients, the vulnerability is confirmed.

Remediation

Implement proper authentication and authorization checks on the affected endpoint, so that an exam is served only to a user entitled to view it. Additionally, avoid predictable sequential identifiers and consider adopting secure, unguessable tokens to manage access to exams. Regular security audits can help identify similar vulnerabilities.
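The following is an added example of the server-side ownership check the remediation calls for; it is not Harpia DiagSystem code, and the table names, column names, session key and the assumption that each user maps to one patient record are hypothetical. It validates 'cod' and 'codexame' as untrusted input and binds the lookup to the authenticated user, so a foreign identifier pair returns nothing, and it shows how an unguessable token can replace sequential IDs in links.

```php
<?php
// Added example (not Harpia DiagSystem code). Schema and session layout are hypothetical.
declare(strict_types=1);

function loadExamForViewer(PDO $db, array $session, array $query): ?array
{
    // Require an authenticated session before touching any identifier.
    if (empty($session['user_id'])) {
        http_response_code(401);
        return null;
    }
    // Treat both identifiers as untrusted input; reject anything that is not
    // a positive integer instead of interpolating it into SQL or a file path.
    $cod      = filter_var($query['cod'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $codexame = filter_var($query['codexame'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cod === false || $codexame === false) {
        http_response_code(400);
        return null;
    }
    // Vulnerable pattern (for contrast): "SELECT ... WHERE cod = $cod AND codexame = $codexame"
    // with no link to the caller, so any authenticated user can walk other patients' exams.
    //
    // Hardened pattern: the query itself ties the exam to the authenticated user's
    // patient record, so a mismatched 'cod'/'codexame' pair simply returns no row.
    $stmt = $db->prepare(
        'SELECT e.codexame, e.image_path
           FROM exames e
           JOIN atendimentos a ON a.cod = e.cod
          WHERE e.cod = :cod AND e.codexame = :codexame
            AND a.patient_user_id = :uid'
    );
    $stmt->execute([':cod' => $cod, ':codexame' => $codexame, ':uid' => (int) $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Same response for "does not exist" and "not yours": no oracle for enumeration.
        http_response_code(404);
        error_log(sprintf('exam access denied user=%d cod=%d codexame=%d', $session['user_id'], $cod, $codexame));
        return null;
    }
    return $row;
}

// Unguessable per-exam access token to use in links instead of sequential identifiers.
function newExamToken(): string
{
    return bin2hex(random_bytes(32));
}
```

The 404 branch is logged so that repeated denials for one session show up in monitoring as an enumeration attempt.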

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.