Openclinic Ga Project

Openclinic Ga

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-27238

Exploit
  • EPSS 0.36%
  • Veröffentlicht 15.04.2021 14:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:55

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to tri...

9.8

CVE-2020-27237

Exploit
  • EPSS 0.36%
  • Veröffentlicht 15.04.2021 14:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:55

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an...

9.8

CVE-2020-27236

Exploit
  • EPSS 0.36%
  • Veröffentlicht 13.04.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:20:55

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8

CVE-2020-27235

Exploit
  • EPSS 0.36%
  • Veröffentlicht 13.04.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:20:55

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

10

CVE-2020-27227

Exploit
  • EPSS 5.13%
  • Veröffentlicht 13.04.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:54

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to ...

7.8

CVE-2020-27228

Exploit
  • EPSS 0.14%
  • Veröffentlicht 13.04.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:54

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.

9.8

CVE-2020-27233

Exploit
  • EPSS 0.36%
  • Veröffentlicht 13.04.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:54

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.8

CVE-2020-27234

Exploit
  • EPSS 0.36%
  • Veröffentlicht 13.04.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:54

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

8.8

CVE-2020-14486

  • EPSS 0.09%
  • Veröffentlicht 29.07.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:22

An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.

8.8

CVE-2020-14493

  • EPSS 0.19%
  • Veröffentlicht 29.07.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:03:23

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.