| |
Vulnerability CVE-2020-14490
Published: 2020-07-29
| Description: |
OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files. |
Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
