CVE-2020-20444
- EPSS 0.29%
- Published 16.06.2021 16:15:07
- Last modified 21.11.2024 05:12:04
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability.
CVE-2020-28937
- EPSS 0.63%
- Published 03.12.2020 16:15:12
- Last modified 21.11.2024 05:23:19
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the applic...
CVE-2020-28938
- EPSS 0.21%
- Published 03.12.2020 16:15:12
- Last modified 21.11.2024 05:23:19
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.
CVE-2020-28939
- EPSS 2.28%
- Published 03.12.2020 16:15:12
- Last modified 21.11.2024 05:23:20
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitr...