CVE-2025-1537
📋 TL;DR
This critical SQL injection vulnerability in Harpia DiagSystem 12 allows remote attackers to execute arbitrary SQL commands via the 'codexame' parameter in the /diagsystem/PACS/atualatendimento_jpeg.php endpoint. This affects all systems running vulnerable versions of Harpia DiagSystem 12 with the PACS module accessible.
💻 Affected Systems
- Harpia DiagSystem
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including sensitive patient data exfiltration, system takeover via command execution, and potential lateral movement to connected systems.
Likely Case
Unauthorized access to patient records, modification of diagnostic data, and potential data breach of medical information.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only error messages or limited data exposure.
🎯 Exploit Status
Exploit details are publicly available and the vulnerability requires no authentication, making it trivial to weaponize.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available - vendor did not respond to disclosure
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a supported version if available or implementing workarounds.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Implement WAF rules to block SQL injection patterns targeting the vulnerable endpoint
Endpoint Access Restriction
Restrict access to /diagsystem/PACS/atualatendimento_jpeg.php using network controls or web server configuration
# Apache (2.4 without mod_access_compat: use "Require all denied" instead of "Deny from all"):
<Location /diagsystem/PACS/atualatendimento_jpeg.php>
    Deny from all
</Location>
# Nginx:
location /diagsystem/PACS/atualatendimento_jpeg.php {
    deny all;
}
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for all user inputs
- Isolate the DiagSystem server in a segmented network with minimal external access
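As an added illustration of the "input validation and parameterized queries" mitigation (this is example code written for this page, not DiagSystem's own PHP or a vendor fix), the following Python stands in for the lookup behind the vulnerable endpoint. It uses an in-memory SQLite table whose name and columns (exames, codexame, paciente, imagem) are assumptions, and an exam-code allow-list pattern that is also an assumption to be tightened to the real format. The same input is run through a string-concatenated query and through a validated, parameter-bound query so the difference in behaviour is visible.

```python
import re
import sqlite3

# Constructed stand-in for the exam table behind the vulnerable endpoint.
# The real DiagSystem schema is unknown; table and column names are assumptions.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE exames (codexame TEXT PRIMARY KEY, paciente TEXT, imagem TEXT)"
    )
    conn.executemany(
        "INSERT INTO exames VALUES (?, ?, ?)",
        [("EX-1001", "patient A", "1001.jpg"), ("EX-1002", "patient B", "1002.jpg")],
    )
    return conn

# Allow-list for the shape of an exam code. The format DiagSystem actually uses
# is unknown, so this pattern is an assumption to be tightened to the real one.
EXAM_CODE_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def validate_codexame(value):
    """Return value unchanged if it looks like an exam code, else raise ValueError."""
    if not isinstance(value, str) or not EXAM_CODE_RE.fullmatch(value):
        raise ValueError("codexame rejected by input validation")
    return value

def lookup_vulnerable(conn, codexame):
    # Anti-pattern: the request parameter is spliced into the SQL text, so the
    # database parses whatever the client sent as part of the statement.
    sql = "SELECT codexame, paciente FROM exames WHERE codexame = '%s'" % codexame
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, codexame):
    # Hardened form: validate first, then bind the value as a parameter. The
    # driver passes it separately from the SQL text, so it cannot change the
    # statement's structure no matter what it contains.
    sql = "SELECT codexame, paciente FROM exames WHERE codexame = ?"
    return conn.execute(sql, (validate_codexame(codexame),)).fetchall()

def compare(codexame):
    """Run one input through both lookups and report what each one returns."""
    conn = make_db()
    try:
        vulnerable = len(lookup_vulnerable(conn, codexame))
    except sqlite3.Error as exc:
        # A syntax error here is the "database errors" symptom the advisory mentions.
        vulnerable = "database error: %s" % exc
    try:
        hardened = lookup_parameterized(conn, codexame)
    except ValueError as exc:
        hardened = str(exc)
    return {"vulnerable_rows": vulnerable, "hardened": hardened}

if __name__ == "__main__":
    print(compare("EX-1001"))
    print(compare("' OR '1'='1"))
```

The validation step is deliberately separate from the parameter binding: binding alone already stops the input from being parsed as SQL, while the allow-list additionally rejects anything that does not look like an exam code before it reaches the database, which is the cheaper place to log and block.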
🔍 How to Verify
Check if Vulnerable:
Test the endpoint with SQL injection payloads in the 'codexame' parameter and observe database errors or unexpected behavior
Check Version:
Check application version in admin interface or configuration files (specific command unknown)
Verify Fix Applied:
Attempt SQL injection after implementing workarounds to confirm they block malicious requests
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed requests to /diagsystem/PACS/atualatendimento_jpeg.php
- SQL syntax errors in web server logs
Network Indicators:
- Unusual outbound database connections from web server
- Patterns of SQL injection payloads in HTTP requests
SIEM Query:
web.url:*atualatendimento_jpeg.php AND (web.param.codexame:SELECT OR web.param.codexame:UNION OR web.param.codexame:OR)
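The SIEM query above and the log indicators before it can be applied offline to web server access logs. The script below is an added example written for this page, not a tool from the vendor or the advisory source: it parses combined-format access log lines (the log format and the sample lines are constructed), extracts and URL-decodes the codexame parameter for requests to the vulnerable endpoint only, flags values containing SQL keywords or metacharacters, and counts 4xx/5xx responses per client IP to surface the "multiple failed requests" indicator.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/diagsystem/PACS/atualatendimento_jpeg.php"

# Apache/Nginx combined log format: ip ident user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# SQL keywords and metacharacters that have no business in an exam code.
SQLI_RE = re.compile(
    r"\bUNION\b|\bSELECT\b|\bOR\b\s+\S+\s*=|\bAND\b\s+\S+\s*=|"
    r"\bSLEEP\s*\(|\bBENCHMARK\s*\(|--|/\*|'|\"",
    re.IGNORECASE,
)

def extract_codexame(target):
    """Return the decoded codexame value for requests to ENDPOINT, else None."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("codexame")
    if not values:
        return ""
    # parse_qs already decoded once; decode again so double-encoded payloads
    # (%2527 -> %27 -> ') are inspected in their final form.
    return unquote_plus(values[0])

def scan_log(lines):
    """Return (findings, failures): flagged requests and 4xx/5xx counts per client IP."""
    findings = []
    failures = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        value = extract_codexame(m["target"])
        if value is None:
            continue  # request to some other URL
        status = int(m["status"])
        if status >= 400:
            failures[m["ip"]] += 1
        hit = SQLI_RE.search(value)
        if hit:
            findings.append({"ip": m["ip"], "time": m["time"], "status": status,
                             "codexame": value, "matched": hit.group(0)})
    return findings, failures

# Constructed sample lines: one legitimate lookup, two injection attempts from
# the same client (both producing server errors), and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2025:10:01:02 +0000] "GET /diagsystem/PACS/atualatendimento_jpeg.php?codexame=EX-1001 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:02:10 +0000] "GET /diagsystem/PACS/atualatendimento_jpeg.php?codexame=EX-1001%27%20OR%201%3D1-- HTTP/1.1" 500 312 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2025:10:02:11 +0000] "GET /diagsystem/PACS/atualatendimento_jpeg.php?codexame=1%27%20UNION%20SELECT%20NULL-- HTTP/1.1" 500 312 "-" "curl/8.0"',
    '10.0.0.9 - - [12/Mar/2025:10:03:00 +0000] "GET /diagsystem/index.php?codexame=%27 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, failed = scan_log(SAMPLE_LOG)
    for finding in found:
        print(finding)
    print(dict(failed))
```

Matching on the decoded parameter rather than the raw URL is what makes this stricter than the SIEM query's keyword terms: an encoded quote or a double-encoded UNION is still caught, and the unrelated index.php request is neither flagged nor counted against the client because only the vulnerable endpoint is in scope.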