Vulnerabilities > Openclinic GA Project > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-19 CVE-2020-27241 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-19 CVE-2020-27240 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-15 CVE-2020-27239 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-15 CVE-2020-27238 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-15 CVE-2020-27237 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-13 CVE-2020-27236 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-13 CVE-2020-27235 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-13 CVE-2020-27234 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2021-04-13 CVE-2020-27233 SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter.
network
low complexity
openclinic-ga-project CWE-89
7.5
7.5
2020-07-20 CVE-2020-14485 Improper Authentication vulnerability in Openclinic GA Project Openclinic GA 5.09.02/5.89.05B
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.
network
low complexity
openclinic-ga-project CWE-287
7.5
7.5