CVE-2020-28939: Malicious File Upload
First published: Thu Dec 03 2020(Updated: )
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenClinic GA | =0.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-28939?
CVE-2020-28939 is rated as high severity due to the potential for arbitrary code execution.
How do I fix CVE-2020-28939?
To fix CVE-2020-28939, update OpenClinic to a version that addresses the insecure file upload vulnerability.
What impact does CVE-2020-28939 have?
CVE-2020-28939 allows authenticated users to upload malicious files, potentially compromising the application server.
Who is affected by CVE-2020-28939?
CVE-2020-28939 affects users of OpenClinic version 0.8.2 with substantial privileges.
Can CVE-2020-28939 be exploited remotely?
CVE-2020-28939 requires authentication, but it can lead to remote code execution by an authenticated attacker.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openclinic project
- canonical/openclinic ga
- version/openclinic ga/0.8.2