2 matches found
OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)
An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-27237
CVE-2020-27237 affects OpenClinic GA 5.173.3. The vulnerability is an SQL injection in the getAssets.jsp page, allowing unauthenticated injection via multiple input parameters (e.g., supplierUID, serviceuid, nomenclature, description, code, etc.) as shown in the connected advisories. Multiple sou...