Lucene search
TalosCVELIST:CVE-2020-27234HistoryApr 13, 2021 - 2:07 p.m.
CVE-2020-27234
2021-04-1314:07:10
CWE-89
talos
www.cve.org
1
sql injection
openclinic
http request
vulnerability
serviceuid parameter
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
56.1%
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CNA Affected
[
{
"product": "OpenClinic",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OpenClinic GA 5.173.3"
}
]
}
]Related
cve
cve
CVE-2020-27234
2021-04-13 15:15:12
nvd
nvd
CVE-2020-27234
2021-04-13 15:15:12
prion
prion
Sql injection
2021-04-13 15:15:00
checkpoint_advisories
checkpoint_advisories
talos
talos
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
56.1%
Related for CVELIST:CVE-2020-27234