Aggregates CVE and security vulnerability intelligence across all openclinic_ga_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk path handling, and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-40279 | An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. | [email protected] | 7.5 | 19.75% | 2024-03-19 | 2025-04-14 |
| CVE-2023-40278 | An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message. | [email protected] | 7.5 | 14.66% | 2024-03-19 | 2025-04-14 |
| CVE-2023-40280 | An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | [email protected] | 7.5 | 1.29% | 2024-03-19 | 2025-04-14 |
| CVE-2023-40277 | An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. | [email protected] | 6.1 | 0.30% | 2024-03-19 | 2025-04-14 |
| CVE-2023-40276 | An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp. | [email protected] | 9.1 | 0.95% | 2024-03-19 | 2025-04-14 |
| CVE-2023-40275 | An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp. | [email protected] | 9.1 | 0.56% | 2024-03-19 | 2025-04-14 |
| CVE-2021-37364 | OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through | [email protected] | 7.8 | 0.50% | 2021-10-26 | 2024-11-21 |
| CVE-2020-27246 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.37% | 2021-05-11 | 2024-11-21 |
| CVE-2020-27245 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.33% | 2021-05-11 | 2024-11-21 |
| CVE-2020-27244 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.37% | 2021-05-11 | 2024-11-21 |
| CVE-2020-27243 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.33% | 2021-05-11 | 2024-11-21 |
| CVE-2020-27242 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.36% | 2021-05-11 | 2024-11-21 |
| CVE-2020-27232 | An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 1.54% | 2021-05-10 | 2024-11-21 |
| CVE-2020-27231 | A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.37% | 2021-05-10 | 2024-11-21 |
| CVE-2020-27230 | A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.33% | 2021-05-10 | 2024-11-21 |
| CVE-2020-27229 | A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 0.33% | 2021-05-10 | 2024-11-21 |
| CVE-2020-27226 | An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 8.8 | 1.43% | 2021-05-10 | 2024-11-21 |
| CVE-2020-27241 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 9.8 | 0.33% | 2021-04-19 | 2024-11-21 |
| CVE-2020-27240 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 9.8 | 0.33% | 2021-04-19 | 2024-11-21 |
| CVE-2020-27239 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | [email protected] | 9.8 | 0.33% | 2021-04-15 | 2024-11-21 |