← Retour aux CVEs
CVE-2020-27237
CRITICAL9.8
Description
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/15/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
openclinic_ga_project:openclinic_ga
Faiblesses (CWE)
CWE-89CWE-89
References
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.