CVE-2020-27241: SQL Injection
First published: Mon Apr 19 2021(Updated: )
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.173.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-27241?
CVE-2020-27241 is an SQL injection vulnerability in the 'getAssets.jsp' page of OpenClinic GA 5.173.3.
How severe is CVE-2020-27241?
CVE-2020-27241 is classified as critical with a severity value of 9.8.
How does CVE-2020-27241 affect OpenClinic GA?
CVE-2020-27241 allows unauthenticated SQL injection on the 'getAssets.jsp' page of OpenClinic GA 5.173.3.
How can CVE-2020-27241 be exploited?
An attacker can make an authenticated HTTP request with a malicious 'serialnumber' parameter to trigger the SQL injection vulnerability in OpenClinic GA 5.173.3.
Is there a fix available for CVE-2020-27241?
Currently, there is no fix available for CVE-2020-27241. It is recommended to apply updates or patches from the software vendor when they become available.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.173.3