Show filters
126 Total Results
Displaying 81-90 of 126
Sort by:
Attacker Value
Unknown

CVE-2020-27239

Disclosure Date: April 15, 2021 (last updated February 22, 2025)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-27233

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-27227

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-27236

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-27235

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-27228

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-27234

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-30030

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-30044

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-30039

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  < Previous  Next >