Vulnerabilities > CVE-2020-20444 - Missing Authorization vulnerability in Openclinic Project Openclinic 0.8.20160412

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openclinic-project

CWE-862

NVD

Published: 2021-06-16

Updated: 2024-11-21

Summary

Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability .

Vulnerable Configurations

Part	Description	Count
Application	Openclinic_Project Openclinic Project Openclinic 0.8.20160412	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://cwe.mitre.org/data/definitions/23.html
https://cwe.mitre.org/data/definitions/23.html
https://github.com/jact/openclinic/issues/8
https://github.com/jact/openclinic/issues/8