CVE-2020-14493: OpenClinic GA
First published: Wed Jul 29 2020(Updated: )
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.09.02 | |
| Openclinic Ga Project Openclinic Ga | =5.89.05b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14493?
CVE-2020-14493 is a vulnerability that allows a low-privilege user to use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, potentially allowing the execution of arbitrary commands.
What is the severity of CVE-2020-14493?
CVE-2020-14493 has a severity score of 8.8, which is considered high.
Which software versions are affected by CVE-2020-14493?
CVE-2020-14493 affects OpenClinic GA versions 5.09.02 and 5.89.05b.
How can I fix CVE-2020-14493?
To fix CVE-2020-14493, it is recommended to update OpenClinic GA to a version that has the necessary patches to address the vulnerability.
Where can I find more information about CVE-2020-14493?
More information about CVE-2020-14493 can be found at the following link: [https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01](https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/title
- agent/tags
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.09.02
- version/openclinic ga project openclinic ga/5.89.05b