2 matches found
OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)
An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-27236
OpenClinic GA 5.173.3 is affected by multiple SQL injection vulnerabilities in the getAssets.jsp page (parameterized inputs such as supplierUID, serviceuid, description, compnomenclature, nomenclature, etc.). The flaws arise from building SQL queries by concatenating user inputs without proper va...