3 matches found
OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)
An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-27233
CVE-2020-27233 concerns OpenClinic GA 5.173.3, where the supplierUID parameter in getAssets.jsp is vulnerable to SQL injection. The vulnerability is exploitable via an authenticated HTTP request, leading to potential arbitrary SQL execution. The connected sources (e.g., TALOS advisory, Red Hat en...
OpenClinic GA web portal multiple SQL injection vulnerabilities in the 'getAssets.jsp' page
Summary Multiple exploitable SQL injection vulnerabilities exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...