Openclinic Ga Project

Openclinic Ga

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-40279

Exploit
  • EPSS 16.01%
  • Veröffentlicht 19.03.2024 13:15:06
  • Zuletzt bearbeitet 14.04.2025 13:40:11

An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.

7.5

CVE-2023-40278

Exploit
  • EPSS 8.97%
  • Veröffentlicht 19.03.2024 12:15:07
  • Zuletzt bearbeitet 14.04.2025 13:40:03

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a sp...

7.5

CVE-2023-40280

Exploit
  • EPSS 0.99%
  • Veröffentlicht 19.03.2024 01:15:44
  • Zuletzt bearbeitet 14.04.2025 13:39:52

An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.

6.1

CVE-2023-40277

Exploit
  • EPSS 0.23%
  • Veröffentlicht 19.03.2024 01:15:44
  • Zuletzt bearbeitet 14.04.2025 13:39:46

An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.

9.1

CVE-2023-40276

Exploit
  • EPSS 0.56%
  • Veröffentlicht 19.03.2024 01:15:44
  • Zuletzt bearbeitet 14.04.2025 13:39:36

An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.

9.1

CVE-2023-40275

  • EPSS 0.43%
  • Veröffentlicht 19.03.2024 01:15:44
  • Zuletzt bearbeitet 14.04.2025 13:39:18

An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.

9.3

CVE-2021-37364

  • EPSS 0.37%
  • Veröffentlicht 26.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:15:00

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folde...

8.8

CVE-2020-27245

Exploit
  • EPSS 0.33%
  • Veröffentlicht 11.05.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:20:56

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authen...

8.8

CVE-2020-27242

Exploit
  • EPSS 0.36%
  • Veröffentlicht 11.05.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:20:55

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an aut...

8.8

CVE-2020-27243

Exploit
  • EPSS 0.33%
  • Veröffentlicht 11.05.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:20:55

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an auth...