3 matches found
CVE-2020-27243
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-27243
OpenClinic GA 5.173.3 contains authenticated SQL injection flaws in the listImmoLabels.jsp page. The vulnerabilities arise from building SQL with user-supplied parameters (e.g., immoService, immoLocation, immoCode, immoBuyer, immoComment) and then executing via a prepared statement, enabling inje...
OpenClinic GA web portal multiple SQL injection vulnerabilities in 'listImmoLabels.jsp' page
Summary A number of exploitable SQL injection vulnerabilities exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...