3 matches found
Command injection
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...
CVE-2020-14493 OpenClinic GA
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...
CVE-2020-14490
OpenClinic GA versions 5.09.02 and 5.89.05b contain a path traversal vulnerability (CWE-22) that allows arbitrary local files to be specified via parameters and may execute uploaded files, risking disclosure of sensitive data and code execution. The issue corresponds to CVE-2020-14490; root cause...