CVE-2020-27229: SQL Injection
First published: Mon May 10 2021(Updated: )
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.173.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OpenClinic GA application vulnerability?
The vulnerability ID for this OpenClinic GA application vulnerability is CVE-2020-27229.
What is the severity level of CVE-2020-27229?
CVE-2020-27229 has a severity level of 8.8 (high).
What is the affected software version of CVE-2020-27229?
The affected software version of CVE-2020-27229 is OpenClinic GA 5.173.3.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-89.
How can an attacker exploit CVE-2020-27229?
An attacker can make an authenticated HTTP request to trigger the SQL injection vulnerability in the 'patientslist.do' page of OpenClinic GA 5.173.3 application by manipulating the 'findPersonID' parameter.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/type
- agent/references
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.173.3