| |
Vulnerability CVE-2020-27244
Published: 2021-05-11
| Description: |
An exploitable SQL injection vulnerability exists in ??listImmoLabels.jsp?? page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ??listImmoLabels.jsp?? page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
