2 matches found
OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)
An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-27240
CVE-2020-27240 affects OpenClinic GA 5.173.3 where the vulnerability resides in the web UI component GetAssets.jsp. The issue is an SQL injection in the input parameter set of the assets search/ajax endpoint (notably componentStatus and related fields such as supplierUID, serviceuid, description,...