OpenClinic GA Project OpenClinic GA vulnerabilities
37 known vulnerabilities affecting openclinic_ga_project/openclinic_ga.
Total CVEs: 37
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 15, HIGH 19, MEDIUM 3
Vulnerabilities
Page 2 of 2
CVE-2020-27245 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-11
CVE-2020-27245 [HIGH] CWE-89
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27246 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-11
CVE-2020-27246 [HIGH] CWE-89
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27242 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-11
CVE-2020-27242 [HIGH] CWE-89
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27243 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-11
CVE-2020-27243 [HIGH] CWE-89
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27226 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-10
CVE-2020-27226 [HIGH] CWE-89
An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27232 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-10
CVE-2020-27232 [HIGH] CWE-89
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27229 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-10
CVE-2020-27229 [HIGH] CWE-89
A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findPersonID parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27230 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-10
CVE-2020-27230 [HIGH] CWE-89
A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findSector parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2020-27231 | P3 | HIGH | CVSS 8.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-05-10
CVE-2020-27231 [HIGH] CWE-89
A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findDistrict parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-40275 | P3 | CRITICAL | CVSS 9.1 | v5.247.01 | 2024-03-19
CVE-2023-40275 [CRITICAL] CWE-200
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
nvd
CVE-2023-40280 | P3 | HIGH | CVSS 7.5 | v5.247.01 | 2024-03-19
CVE-2023-40280 [HIGH] CWE-22
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
nvd
CVE-2020-14489 | P3 | HIGH | CVSS 7.5 | v5.09.02, v5.89.05b | 2020-07-29
CVE-2020-14489 [HIGH] CWE-522
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
nvd
CVE-2020-27228 | P3 | HIGH | CVSS 7.8 | v5.173.3, vOpenClinic GA 5.173.3 | 2021-04-13
CVE-2020-27228 [HIGH] CWE-276
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.
nvd
CVE-2021-37364 | P3 | HIGH | CVSS 7.8 | v5.194.18 | 2021-10-26
CVE-2021-37364 [HIGH] CWE-732
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system lev
nvd
CVE-2020-14491 | P4 | MEDIUM | CVSS 6.5 | v5.09.02, v5.89.05b, +1 more | 2020-07-20
CVE-2020-14491 [MEDIUM] CWE-862
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information.
nvd
CVE-2020-14492 | P4 | MEDIUM | CVSS 6.1 | v5.09.02, v5.89.05b | 2020-07-29
CVE-2020-14492 [MEDIUM] CWE-79
OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.
nvd
CVE-2023-40277 | P4 | MEDIUM | CVSS 6.1 | v5.247.01 | 2024-03-19
CVE-2023-40277 [MEDIUM] CWE-79
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.
nvd