Vulnerabilities > Openclinic Project

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-16	CVE-2020-20444	Missing Authorization vulnerability in Openclinic Project Openclinic 0.8.20160412 Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability . network low complexity openclinic-project CWE-862	7.2
2020-12-03	CVE-2020-28939	Unrestricted Upload of File with Dangerous Type vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. network low complexity openclinic-project CWE-434	7.2
2020-12-03	CVE-2020-28938	Cross-site Scripting vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. network low complexity openclinic-project CWE-79	5.4
2020-12-03	CVE-2020-28937	Forced Browsing vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. network low complexity openclinic-project CWE-425	7.5

Vulnerabilities > Openclinic Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Openclinic Project"}]}