← Back

Computing For Good's Basic Laboratory Information System

computing_for_good's_basic_laboratory_information_system

Vendor: Gatech • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25678
1Gatech
1Computing For Good's Basic Laboratory Information System
Apr 20, 2026
Apr 5, 2026
8.8 HIGH· v4
7.5 HIGH· v3
N/A· v2
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. A...Show more
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.Show less
CVE-2019-5644
1Gatech
1Computing For Good's Basic Laboratory Information System
Nov 21, 2024
Nov 6, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter sev...Show more
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator.Show less
CVE-2019-5643
1Gatech
1Computing For Good's Basic Laboratory Information System
Nov 21, 2024
Nov 6, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate...Show more
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation.Show less
CVE-2019-5617
1Gatech
1Computing For Good's Basic Laboratory Information System
Nov 21, 2024
Nov 6, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change th...Show more
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user.Show less