DEV Community

BeyondMachines

Originally published at beyondmachines.net

Critical SQL Injection and XSS flaws reported in Imaster business software

Summary

Four vulnerabilities have been reported in Imaster's business management software, the MEMS Events CRM and the Patient Records Management System. The most severe is a critical SQL injection (CVE-2025-41006) that gives an unauthenticated attacker direct access to the backend database; the others include cross-site scripting flaws that run attacker-controlled script inside an administrator's browser session. Together they allow theft of sensitive patient data and abuse of administrative sessions.

Take Action:

If you are using Imaster MEMS Events CRM or the Patient Records Management System, isolate them from the internet and expose them only to trusted networks, for example behind a VPN or an IP allowlist on the reverse proxy. Contact the vendor for patches. Until a fix is available, put a Web Application Firewall in front of the applications to filter SQL injection and XSS payloads, but treat it as a stopgap rather than a fix: signature-based filters can be evaded with encoding variations, so also review the applications' access logs for injection attempts that may already have reached them.
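As a practical check to go with the advice above, here is an added example (not code from BeyondMachines or Imaster) that hunts a web server's combined-format access log for the kind of SQL injection and XSS probes a WAF would be asked to block. It decodes query parameters, including double-encoded ones, before matching, because stopping after a single decoding pass is a common way such filters are bypassed. The log lines, IP addresses and paths are constructed for the demonstration and are not real Imaster endpoints.

```python
"""Hunt a web server access log for SQL-injection and XSS probes.

Added example for this advisory (not BeyondMachines' or Imaster's code).
Each request's query parameters are decoded, including double-encoded
values, and checked for common injection indicators so a defender can
see whether the attacks described above were already attempted.
The log lines, IPs and paths below are constructed for the demo.
"""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx "combined" log format, trimmed to the fields used here.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Indicators are matched against the *decoded* parameter value.
SQLI_RE = re.compile(
    r"""['"]\s*(or|and)\s+\S+\s*=        # ' OR 1=1
      | union\s+(all\s+)?select            # UNION SELECT ...
      | --\s*$ | /\*                       # comment out the rest of the query
      | ;\s*(drop|delete|update|insert)\b  # stacked query
      | \b(sleep|benchmark)\s*\(           # time-based blind probes
    """, re.I | re.X)
XSS_RE = re.compile(
    r"""<\s*/?\s*(script|img|svg|iframe|object|embed)\b  # HTML injection
      | \bon(error|load|click|mouseover|focus)\s*=         # event handlers
      | javascript\s*:                                     # URL scheme
    """, re.I | re.X)

# Constructed sample log (hypothetical paths, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2025:10:01:02 +0000] "GET /events/view.php?id=17 HTTP/1.1" 200 5123
203.0.113.5 - - [12/May/2025:10:01:09 +0000] "GET /events/view.php?id=17%27%20OR%201%3D1-- HTTP/1.1" 200 88213
198.51.100.23 - - [12/May/2025:10:02:41 +0000] "GET /patients/search.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2044
203.0.113.5 - - [12/May/2025:10:03:15 +0000] "GET /events/view.php?id=17%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 200 90112
203.0.113.5 - - [12/May/2025:10:03:40 +0000] "GET /events/view.php?id=17%2527%2520OR%25201%253D1-- HTTP/1.1" 200 88213
192.0.2.77 - - [12/May/2025:10:04:00 +0000] "POST /login.php HTTP/1.1" 302 0
"""


def decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%2527 -> %27 -> ')
    are inspected in the form the application will eventually see them."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_access_log(text: str) -> list[dict]:
    """Return one finding per suspicious query parameter, in log order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the hunt
        parts = urlsplit(m["target"])
        # parse_qsl decodes once; decode() handles any further layers.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = decode(raw)
            for category, pattern in (("sqli", SQLI_RE), ("xss", XSS_RE)):
                if pattern.search(value):
                    findings.append({"line": lineno, "client": m["client"],
                                     "path": parts.path, "param": name,
                                     "category": category, "value": value})
                    break  # one finding per parameter is enough
    return findings


def probing_clients(findings: list[dict]) -> Counter:
    """Count findings per source IP; the top entries are candidates to block."""
    return Counter(f["client"] for f in findings)


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for f in hits:
        print(f"line {f['line']}: {f['client']} {f['category']} in "
              f"{f['path']} param {f['param']}={f['value']!r}")
    print(probing_clients(hits))
```

Run it against your own log by passing the file contents to scan_access_log. The indicator patterns are deliberately narrow to keep false positives low, so extend them for your environment and do not treat an empty result as proof that no attack reached the application.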


Read the full article on BeyondMachines


