CVE-2024-1228 CRITICAL

CVE-2024-1228: Hardcoded password in Eurosoft Przychodnia

Vendor Eurosoft Sp. Z O. O.
Product Eurosoft Przychodnia
Weakness CWE-259
Published June 10, 2024
Last update October 7, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y/R:U/V:C/RE:M/U:Red

What the vulnerability does

01Description

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).

Key dates

02Disclosure timeline

June 10, 2024 CVE published
October 7, 2025 Record updated