CVE-2020-27230: SQL Injection
First published: Mon May 10 2021(Updated: )
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.173.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-27230?
CVE-2020-27230 is a number of exploitable SQL injection vulnerabilities that exist in the 'patientslist.do' page of OpenClinic GA 5.173.3 application.
How severe is CVE-2020-27230?
CVE-2020-27230 has a severity score of 8.8 (High).
What software versions are affected by CVE-2020-27230?
CVE-2020-27230 affects OpenClinic GA version 5.173.3.
How can I fix CVE-2020-27230?
To fix CVE-2020-27230, apply the latest security patches or updates provided by OpenClinic GA project.
Where can I find more information about CVE-2020-27230?
You can find more information about CVE-2020-27230 at the following URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.173.3