216.73.216.226

CVE-2026-8032

· Published 06/05/2026 20:16 · Modified 06/05/2026 20:16

Labels: CVE-2026-8032 2026-05-06CVE-2026-8032CWE-259[email protected]

Essential information

Published
06/05/2026 20:16
Modified
06/05/2026 20:16
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 5.7.1 is sufficient to resolve this issue. The affected component should be upgraded. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
picotronica / e-clinic healthcare system cpe:2.3:a:picotronica:e-clinic_healthcare_system:5.7:*:*:*:*:*:*:*

References