CVE-2026-31071
Unauthenticated API Access in LalanaChami Pharmacy System
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: MITRE
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the LalanaChami Pharmacy Management System involves API endpoints that lack authentication middleware. This means that unauthenticated remote attackers can access these endpoints without needing to log in or prove their identity.
Specifically, attackers can exploit the /api/user/getUserData endpoint to dump all user records, which include bcrypt password hashes. They can also modify the drug inventory and access private medical prescription data through the /api/doctorOder endpoint.
How can this vulnerability impact me?
This vulnerability can have serious impacts including unauthorized disclosure of sensitive user information, such as password hashes, which could lead to further account compromises.
Attackers can also alter drug inventory data, potentially disrupting pharmacy operations or causing incorrect medication dispensing.
Additionally, unauthorized access to private medical prescription data can lead to privacy violations and misuse of sensitive health information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the API endpoints /api/user/getUserData and /api/doctorOder are accessible without authentication. An unauthenticated request to these endpoints that returns sensitive data indicates the presence of the vulnerability.
- Use curl or similar HTTP client tools to send GET requests to the endpoints and observe the responses.
- Example commands:
  - curl -i http://<target-host>/api/user/getUserData
  - curl -i http://<target-host>/api/doctorOder
If these commands return user data, password hashes, or private medical prescription data without requiring authentication, the system is vulnerable.
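The curl checks above tell you whether a host is vulnerable right now; they do not tell you whether anyone exercised the flaw before it was patched. The following is an added example, not code from the page or from the LalanaChami project, that scans an application access log for the two endpoints named in the CVE. It assumes a constructed log format (one JSON object per line with fields ts, src, method, path, status and user, where user is null when the request carried no valid session); the sample lines and addresses are constructed for the example.

```javascript
// Added example, not the project's own code. Flags (a) successful requests to
// the sensitive endpoints that carried no session (the CWE-306 condition in
// action) and (b) rejected unauthenticated hits, which after the fix indicate
// probing. Log format is an assumption made for this example.

function normalizePath(p) {
  // Drop the query string and trailing slashes; Express matches routes
  // case-insensitively by default, so compare in lower case.
  return p.split("?")[0].replace(/\/+$/, "").toLowerCase();
}

// Endpoint paths as given in the CVE text.
const SENSITIVE_PATHS = new Set(
  ["/api/user/getUserData", "/api/doctorOder"].map(normalizePath)
);

// Constructed sample log; addresses are taken from the documentation ranges.
const SAMPLE_LOG = [
  '{"ts":"2026-05-18T09:00:01Z","src":"10.0.0.5","method":"GET","path":"/api/user/getUserData","status":200,"user":"admin"}',
  '{"ts":"2026-05-18T09:02:10Z","src":"203.0.113.7","method":"GET","path":"/api/user/getUserData","status":200,"user":null}',
  '{"ts":"2026-05-18T09:02:11Z","src":"203.0.113.7","method":"POST","path":"/api/doctorOder","status":200,"user":null}',
  '{"ts":"2026-05-19T14:30:00Z","src":"198.51.100.9","method":"GET","path":"/api/doctorOder?id=3","status":401,"user":null}',
  '{"ts":"2026-05-19T14:30:01Z","src":"198.51.100.9","method":"GET","path":"/api/DoctorOder/","status":401,"user":null}',
  '{"ts":"2026-05-19T14:31:00Z","src":"198.51.100.9","method":"POST","path":"/api/login","status":200,"user":null}',
  "this line is not JSON and must be skipped",
].join("\n");

function parseLine(line) {
  try {
    const e = JSON.parse(line);
    return typeof e.path === "string" && typeof e.status === "number" ? e : null;
  } catch {
    return null; // malformed line: skip rather than abort the scan
  }
}

function analyze(logText) {
  const result = { exploited: [], probes: {} };
  for (const line of logText.split("\n")) {
    const e = parseLine(line);
    if (!e || !SENSITIVE_PATHS.has(normalizePath(e.path))) continue;
    const unauthenticated = e.user === null || e.user === undefined;
    if (!unauthenticated) continue;
    if (e.status >= 200 && e.status < 300) {
      // Served without a session: the endpoint had no authentication middleware.
      // POST/PUT hits matter too, since the CVE also covers inventory modification.
      result.exploited.push({ ts: e.ts, src: e.src, method: e.method, path: e.path });
    } else if (e.status === 401 || e.status === 403) {
      // Rejected: middleware is in place; count the attempt per source address.
      result.probes[e.src] = (result.probes[e.src] || 0) + 1;
    }
  }
  return result;
}
```

Run `analyze(SAMPLE_LOG)` on the constructed input: the two 200 responses from 203.0.113.7 land in `exploited`, the two 401s from 198.51.100.9 are counted as probes, and the authenticated admin request and the login call are ignored. Any non-empty `exploited` list dated before the patch is the signal to start the breach-notification process discussed further down.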
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing authentication middleware on the affected API endpoints to restrict access only to authorized users.
Specifically:
- Add authentication checks to /api/user/getUserData and /api/doctorOder endpoints.
- Ensure that sensitive data such as user records and medical prescriptions are only accessible after proper authentication and authorization.
- Review and update the API codebase to include middleware that enforces these security controls.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated remote attackers to access and dump all user records, including bcrypt password hashes, modify drug inventory, and access private medical prescription data. This exposure of sensitive personal and medical information can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which mandate strict controls over the confidentiality, integrity, and security of personal and health-related data.
Specifically, unauthorized access to private medical prescription data violates HIPAA's requirements for protecting patient health information, while the exposure of user data including password hashes can breach GDPR's mandates on personal data protection and breach notification.