CVE-2020-27232
OpenClinic GA 5.173.3 contains an exploitable authenticated SQL injection in manageServiceStocks.jsp. The vulnerability stems from dynamic SQL built using user-supplied FindServiceUid in the Find operation (ServiceStock.find), which concatenates input into the WHERE clause (OC_STOCK_SERVICEUID IN...