2 matches found
CVE-2020-14488
OpenClinic GA versions 5.09.02 and 5.89.05b are affected by CVE-2020-14488, where improper validation of uploaded files may allow a low-privilege user to upload and execute arbitrary files on the system. The issue is documented with a high-impact CVSS baseline (3.1) of 8.8; exploitation is networ...
CVE-2020-14487
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not turned it off, potentially allowing an attacker to login and execute arbitrary commands. The issue is discussed across multiple sources, with ICS advisories indicating remote exploitation...