Vulnerabilities for 'Openclinic ga'

2021-10-26
 
CVE-2021-37364

CWE-732
 

 
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace them with a malicious file that would connect back to an attacking computer, giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.

 
2021-05-11
 
CVE-2020-27242

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'listImmoLabels.jsp' page of the OpenClinic GA 5.173.3 application. The immoLocation parameter in the 'listImmoLabels.jsp' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27243

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'listImmoLabels.jsp' page of the OpenClinic GA 5.173.3 application. The immoService parameter in the 'listImmoLabels.jsp' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27244

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'listImmoLabels.jsp' page of the OpenClinic GA 5.173.3 application. The immoCode parameter in the 'listImmoLabels.jsp' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27245

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'listImmoLabels.jsp' page of the OpenClinic GA 5.173.3 application. The immoBuyer parameter in the 'listImmoLabels.jsp' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27246

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'listImmoLabels.jsp' page of the OpenClinic GA 5.173.3 application. The immoComment parameter in the 'listImmoLabels.jsp' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
2021-05-10
 
CVE-2020-27232

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'manageServiceStocks.jsp' page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27226

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the 'quickFile.jsp' page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27229

CWE-89
 

 
A number of exploitable SQL injection vulnerabilities exist in the 'patientslist.do' page of the OpenClinic GA 5.173.3 application. The findPersonID parameter in the 'patientslist.do' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
 
CVE-2020-27230

CWE-89
 

 
A number of exploitable SQL injection vulnerabilities exist in the 'patientslist.do' page of the OpenClinic GA 5.173.3 application. The findSector parameter in the 'patientslist.do' page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 


Copyright 2024, cxsecurity.com

 
