CVE-2020-27231: SQL Injection
First published: Mon May 10 2021(Updated: )
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.173.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the SQL injection vulnerability in OpenClinic GA 5.173.3?
The vulnerability ID for the SQL injection vulnerability in OpenClinic GA 5.173.3 is CVE-2020-27231.
How severe is the SQL injection vulnerability in OpenClinic GA 5.173.3?
The SQL injection vulnerability in OpenClinic GA 5.173.3 has a severity score of 8.8 (high).
Which page of OpenClinic GA 5.173.3 is vulnerable to SQL injection?
The 'patientslist.do' page of OpenClinic GA 5.173.3 is vulnerable to SQL injection.
What is the affected software version for the SQL injection vulnerability in OpenClinic GA?
The SQL injection vulnerability affects OpenClinic GA version 5.173.3.
Is authentication required to exploit the SQL injection vulnerability in OpenClinic GA 5.173.3?
Yes, the SQL injection vulnerability in OpenClinic GA 5.173.3 requires authentication to exploit.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.173.3