
Open Source Openclinic Ga vulnerabilities

7 known vulnerabilities affecting open_source/openclinic_ga.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 1

Vulnerabilities

CVE-2020-14487 | P2 | CRITICAL | CVSS 9.8 | v5.09.02 | 2020-07-29
CWE-912: OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands.
Source: nvd
CVE-2020-14493 | P3 | HIGH | CVSS 8.8 | v5.09.02, v5.89.05b | 2020-07-29
CWE-250: A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
Source: nvd
CVE-2020-14488 | P3 | HIGH | CVSS 8.8 | v5.09.02, v5.89.05b | 2020-07-29
CWE-434: OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
Source: nvd
CVE-2020-14490 | P3 | HIGH | CVSS 8.8 | v5.09.02, v5.89.05b | 2020-07-29
CWE-22: OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files.
Source: nvd
CVE-2020-14486 | P3 | HIGH | CVSS 8.8 | v5.09.02, v5.89.05b | 2020-07-29
CWE-285: An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
Source: nvd
CVE-2020-14489 | P3 | HIGH | CVSS 7.5 | v5.09.02, v5.89.05b | 2020-07-29
CWE-522: OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
Source: nvd
CVE-2020-14492 | P4 | MEDIUM | CVSS 6.1 | v5.09.02, v5.89.05b | 2020-07-29
CWE-79: OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.
Source: nvd