Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks (Security News, July 2020)

A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server.
OpenClinic GA is described as an "Integrated hospital information management system covering management of administrative, financial, clinical, lab, x-ray, pharmacy, meals distribution and other data." The product is used worldwide and it has been downloaded nearly 120,000 times from SourceForge.
Hysell explained that several of the vulnerabilities could be chained together to allow an attacker who has access to the application via a web browser to conduct various activities, including viewing or modifying the content of databases or installing malware on the server hosting OpenClinic GA, which can allow the attacker to move deeper into the targeted organization's network.
"Other bugs in the application's session management allowed attackers to bypass login entirely; they could only access certain portions of the application, but crucially, those included that same SQL query panel," he added.
The researcher says it might be possible to exploit some of the vulnerabilities directly from the internet if an organization has configured the application to be remotely accessible.