2 matches found
CVE-2020-27229
CVE-2020-27229 concerns OpenClinic GA 5.173.3, where multiple authenticated SQL injection vulnerabilities exist in the web page patientslist.do . The root cause is improper handling of user input in the findPersonID, findSector, and findDistrict parameters, leading to crafted HTTP requests that c...
OpenClinic GA web portal multiple SQL injection vulnerabilities in 'patientslist.do' page
Summary A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...