Medical Management System Insecure Permissions Vulnerability Allowing Arbitrary Password Resets

Vulnerability

A vulnerability exists in the Medical Management System at version a81df1ce700a9662cb136b27af47f4cbde64156b that allows unauthorized users to reset the passwords of specific accounts. The issue stems from inadequate permission controls on the password reset functionality: the reset can be triggered by supplying the target username directly, without the requester having to prove any right to that account.

Impact

Exploitation of this vulnerability allows for unauthorized password resets, potentially leading to unauthorized access to user accounts.

Reproduction

The vulnerability can be reproduced by sending a request to the password reset endpoint that names a specific user, such as 'admin' or 'yuangong1'. The request bypasses the authentication checks and resets that user's password to '123456'.
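As an added illustration (not code from the advisory or from the Medical Management System itself), the following Python sketches the class of defect described above: a reset handler that acts on whatever username the request names, beside a hardened version that requires an authenticated caller and only lets a user reset their own password unless they hold an admin role. The in-memory user store, the role model and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed in-memory user store: username -> {"role", "salt", "hash"}.
# Stands in for whatever database the real application uses.
USERS: Dict[str, dict] = {}
MIN_PASSWORD_LEN = 12


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def add_user(username: str, password: str, role: str = "user") -> None:
    salt = os.urandom(16)
    USERS[username] = {"role": role, "salt": salt, "hash": _hash(password, salt)}


def check_password(username: str, password: str) -> bool:
    u = USERS.get(username)
    return u is not None and hmac.compare_digest(_hash(password, u["salt"]), u["hash"])


def reset_password_vulnerable(target: str, new_password: str) -> bool:
    """Insecure pattern: the caller's identity is never consulted, so any request
    that names an existing account resets it (the defect class in the advisory)."""
    if target not in USERS:
        return False
    salt = os.urandom(16)
    USERS[target].update(salt=salt, hash=_hash(new_password, salt))
    return True


def reset_password_hardened(caller: Optional[str], target: str, new_password: str) -> bool:
    """Hardened: require an authenticated caller (resolved server-side from the session,
    never from the request body), allow self-service only, or admin for other accounts,
    and reject weak replacement passwords such as the '123456' from the report."""
    if caller is None or caller not in USERS or target not in USERS:
        return False  # unauthenticated or unknown principal: deny
    if caller != target and USERS[caller]["role"] != "admin":
        return False  # not the account owner and not an admin: deny
    if len(new_password) < MIN_PASSWORD_LEN:
        return False
    salt = os.urandom(16)
    USERS[target].update(salt=salt, hash=_hash(new_password, salt))
    return True
```

In a real application the `caller` value must come from the verified session, and the denied branches should also be logged so that repeated reset attempts against privileged accounts are visible to monitoring.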

Added: May 15, 2026, 3:26 PM
Updated: May 15, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.