Openclinic Ga Security Vulnerabilities and Issues — Openclinic Ga CVE List

Lucene search

Openclinic Ga ProjectOpenclinic Ga

11 matches found

CVE•added 2021/04/19 9:15 p.m.•64 views

CVE-2020-27241

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.8AI score0.0025EPSS

CVE•added 2021/04/19 9:15 p.m.•62 views

CVE-2020-27240

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.7AI score0.0025EPSS

CVE•added 2021/04/13 3:15 p.m.•58 views

CVE-2020-27228

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.

8.8CVSS7.5AI score0.00142EPSS

CVE•added 2021/04/15 2:15 p.m.•40 views

CVE-2020-27238

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.8AI score0.00277EPSS

CVE•added 2021/04/15 2:15 p.m.•38 views

CVE-2020-27237

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulne...

9.8CVSS9.8AI score0.00277EPSS

CVE•added 2021/04/13 3:15 p.m.•36 views

CVE-2020-27233

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.6AI score0.00277EPSS

CVE•added 2021/04/13 3:15 p.m.•36 views

CVE-2020-27235

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.6AI score0.00277EPSS

CVE•added 2021/04/13 3:15 p.m.•32 views

CVE-2020-27236

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.6AI score0.00277EPSS

CVE•added 2021/04/15 2:15 p.m.•32 views

CVE-2020-27239

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.7AI score0.0025EPSS

CVE•added 2021/04/13 3:15 p.m.•30 views

CVE-2020-27227

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing ...

10CVSS9.7AI score0.04569EPSS

CVE•added 2021/04/13 3:15 p.m.•28 views

CVE-2020-27234

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8CVSS9.6AI score0.00277EPSS