CVE-2020-27239: SQL Injection
First published: Thu Apr 15 2021(Updated: )
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.173.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this exploit?
The vulnerability ID for this exploit is CVE-2020-27239.
What is the title of this vulnerability?
The title of this vulnerability is 'An exploitable SQL injection vulnerability exists in 'getAssets.jsp' page of OpenClinic GA 5.173.3.'
What is the severity of CVE-2020-27239?
The severity of CVE-2020-27239 is critical with a severity value of 9.8.
Which software versions are affected by this vulnerability?
OpenClinic GA version 5.173.3 is affected by this vulnerability.
How can I fix CVE-2020-27239?
To fix CVE-2020-27239, it is recommended to update OpenClinic GA to a patched version or apply the necessary security patches provided by the vendor.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.173.3