Openclinic Ga Project Openclinic Ga — known CVE vulnerabilities
Every CVE whose affected-product data names Openclinic Ga Project Openclinic Ga, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (37)
CVE-2020-14484 — CVSS 9.8 (critical): OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow…
CVE-2020-14485 — CVSS 9.8 (critical): OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to…
CVE-2020-14494 — CVSS 9.8 (critical): OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient…
CVE-2020-27227 — CVSS 9.8 (critical): An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to…
CVE-2020-27233 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An…
CVE-2020-27234 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An…
CVE-2020-27235 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An…
CVE-2020-27236 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter…
CVE-2020-27237 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The…
CVE-2020-27238 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the…
CVE-2020-27239 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the…
CVE-2020-27240 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in…
CVE-2020-27241 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the…
CVE-2023-40276 — CVSS 9.1 (critical): An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in…
CVE-2023-40275 — CVSS 9.1 (critical): An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to…
CVE-2020-27232 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP…
CVE-2020-27245 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer…
CVE-2020-27246 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment…
CVE-2020-27229 — CVSS 8.8 (high): A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The…
CVE-2020-27231 — CVSS 8.8 (high): A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The…
CVE-2020-27242 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation…
CVE-2020-14490 — CVSS 8.8 (high): OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow…
CVE-2020-14493 — CVSS 8.8 (high): A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the…
CVE-2020-27243 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService…
CVE-2020-27226 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request…
CVE-2020-27244 — CVSS 8.8 (high): An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode…
CVE-2020-27230 — CVSS 8.8 (high): A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The…
CVE-2020-27228 — CVSS 7.8 (high): An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary…
CVE-2021-37364 — CVSS 7.8 (high): OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to…
CVE-2023-40279 — CVSS 7.5 (high): An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET…
CVE-2023-40280 — CVSS 7.5 (high): An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET…
CVE-2023-40278 — CVSS 7.5 (high): An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the…
CVE-2020-14491 — CVSS 6.5 (medium): OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege…
CVE-2020-14486 — CVSS 6.3 (medium): An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission…
CVE-2020-14489 — CVSS 6.2 (medium): OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords…
CVE-2023-40277 — CVSS 6.1 (medium): An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the…
CVE-2020-14492 — CVSS 5.4 (medium): OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code…