CVE-2020-27245: SQL Injection
First published: Tue May 11 2021(Updated: )
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openclinic Ga Project Openclinic Ga | =5.173.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-27245?
CVE-2020-27245 is an SQL injection vulnerability in the 'listImmoLabels.jsp' page of OpenClinic GA 5.173.3 application.
How severe is the vulnerability CVE-2020-27245?
The severity of CVE-2020-27245 is high with a CVSS score of 8.8.
How does the SQL injection vulnerability in CVE-2020-27245 work?
The SQL injection vulnerability in CVE-2020-27245 is triggered by an attacker making an authenticated HTTP request to the 'listImmoLabels.jsp' page with a specially crafted immoBuyer parameter.
What software versions are affected by CVE-2020-27245?
OpenClinic GA 5.173.3 is the affected version by CVE-2020-27245.
Is there a fix available for CVE-2020-27245?
At the moment, there is no known fix for CVE-2020-27245. It is recommended to update to a patched version when it becomes available.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/openclinic ga project
- canonical/openclinic ga project openclinic ga
- version/openclinic ga project openclinic ga/5.173.3