The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability.
This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URL. Bymanipulating this id parameter, an attacker can gain access to sensitive medical information.
http://IP/Modernanet/LAUDO/LAU0000100/Laudo?id=NUMBER
You don't need to be logged in to see the results.
It was possible to access this hospital's user account because of weak credentials that can be obtained through this IDOR.
