CVE-2020-27239
Published 2021-04-15
Priority: P3 52 | critical | 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.87% (54.1th percentile)
An exploitable SQL injection vulnerability exists in the ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclinic_ga_project | openclinic_ga | — | — |
| openclinic_ga_project | openclinic_ga | — | — |
| samba | cifs-utils | >= 0 < 2:6.8-1ubuntu1.2 | 2:6.8-1ubuntu1.2 |
| samba | cifs-utils | >= 0 < 2:6.9-1ubuntu0.2 | 2:6.9-1ubuntu0.2 |
| samba | cifs-utils | >= 0 < 2:6.14-1ubuntu0.1 | 2:6.14-1ubuntu0.1 |
| samba | cifs-utils | >= 0 < 2:6.0-1ubuntu2+esm1 | 2:6.0-1ubuntu2+esm1 |
| samba | cifs-utils | >= 0 < 2:6.4-1ubuntu1.1+esm1 | 2:6.4-1ubuntu1.1+esm1 |
CVSS provenance
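| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 6.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.0 | HIGH | — |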
OSV
cifs-utils vulnerabilities
osv·2025-08-07·CVSS 7.0
CVE-2020-14342 cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)

It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)

It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)

It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
inf
OSV
cifs-utils vulnerabilities
osv·2022-06-02·CVSS 7.0
CVE-2020-14342 cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)

It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)

It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)

It was discov
GHSA
GHSA-f896-64x6-54qp: An exploitable SQL injection vulnerability exists in ‘getAssets
ghsa_unreviewed·2022-05-24
CVE-2020-27239 [CRITICAL] CWE-89 GHSA-f896-64x6-54qp: An exploitable SQL injection vulnerability exists in ‘getAssets
An exploitable SQL injection vulnerability exists in the ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-04-15