What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection.This issue affects MediCenter - Health Medical Clinic: from n/a through <= 15.1.
Explanation of Vulnerability in Simple Terms
02Summary
MediCenter versions 15.1 and earlier contain a deserialization vulnerability that allows unauthenticated attackers to run arbitrary code on the server. The vulnerability exists in how the application processes untrusted serialized data without proper validation. An attacker can exploit this remotely without user interaction to gain full control of the site.
What an attacker can do
03Attacker Capabilities
Run arbitrary code on the server, read/modify all data, and take complete control of the site.
Potential impact on your site
04Site Impact
Complete compromise of the site and all patient/clinic data; attackers can steal information, modify records, or shut down the service.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
August 20, 2025
CVE published
April 28, 2026
Record updated