CVE-2020-27227
Published 2021-04-13
Priority: P2 (64) · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.89% (85.2th percentile)
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing a specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclinic_ga_project | openclinic_ga | — | — |
| openclinic_ga_project | openclinic_ga | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | Critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 3.0 | 10.0 | Critical | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | Critical | AV:N/AC:L/Au:N/C:C/I:C/A:C |
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal
blogs_talos·2021-04-13·CVSS 8.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal
Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in OpenClinic’s GA web portal. OpenClinic GA is an open-source, fully integrated hospital management solution. The web portal allows users to manage administrative, financial, clinical, lab, x-ray and pharmacy data for health care facilities. The software contains extensive statistical and reporting capabilities. OpenClinic GA contains several vulnerabilities that could allow an adversary to carry out a wide range of malicious actions, including injecting SQL code into the targeted server or elevating their privileges.
In accordance with our coordinated disclosure policy, Cisco Talos worked with OpenClinic to disclose these vulnerabilities and ensur