
openclinic ga project openclinic ga

39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-40279
all versions
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a
7.5 HIGH
CVE-2023-40278
all versions
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppoint
7.5 HIGH
CVE-2023-40280
all versions
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a
7.5 HIGH
CVE-2023-40277
all versions
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the
6.1 MEDIUM
CVE-2023-40276
all versions
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/
9.1 CRITICAL
CVE-2023-40275
all versions
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _com
9.1 CRITICAL
CVE-2021-37364
all versions
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to
7.8 HIGH
CVE-2020-27246
all versions
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoC
8.8 HIGH
CVE-2020-27245
all versions
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoB
8.8 HIGH
CVE-2020-27244
all versions
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoC
8.8 HIGH
CVE-2020-27243
all versions
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoS
8.8 HIGH
CVE-2020-27242
all versions
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoL
8.8 HIGH
CVE-2020-27232
all versions
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially craf
8.8 HIGH
CVE-2020-27231
all versions
A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. T
8.8 HIGH
CVE-2020-27230
all versions
A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. T
8.8 HIGH
CVE-2020-27229
all versions
A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. T
8.8 HIGH
CVE-2020-27226
all versions
An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP r
8.8 HIGH
CVE-2020-27241
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter
9.8 CRITICAL
CVE-2020-27240
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parame
9.8 CRITICAL
CVE-2020-27239
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter
9.8 CRITICAL
CVE-2020-27238
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the
9.8 CRITICAL
CVE-2020-27237
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the
9.8 CRITICAL
CVE-2020-27236
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature par
9.8 CRITICAL
CVE-2020-27235
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description paramete
9.8 CRITICAL
CVE-2020-27234
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter
9.8 CRITICAL
CVE-2020-27233
all versions
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID paramete
9.8 CRITICAL
CVE-2020-27228
all versions
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the
7.8 HIGH
CVE-2020-27227
all versions
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause com
9.8 CRITICAL
CVE-2020-14488
all versions
OpenClinic GA 5.09.02 and 5.89.05b do not properly verify uploaded files, which may allow a low-privilege user to upload and exe
8.8 HIGH
CVE-2020-14487
all versions
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off
9.4 CRITICAL
CVE-2020-14486
all versions
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permiss
6.3 MEDIUM
CVE-2020-14493
all versions
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow
8.8 HIGH
CVE-2020-14492
all versions
OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of maliciou
5.4 MEDIUM
CVE-2020-14490
all versions
OpenClinic GA 5.09.02 and 5.89.05b include arbitrary local files specified within its parameter and execute some files, which ma
8.8 HIGH
CVE-2020-14489
all versions
OpenClinic GA 5.09.02 and 5.89.05b store passwords using inadequate hashing complexity, which may allow an attacker to recover pa
6.2 MEDIUM
CVE-2020-14494
all versions
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient
9.8 CRITICAL
CVE-2020-14491
all versions
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-
6.5 MEDIUM
CVE-2020-14485
all versions
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request t
9.8 CRITICAL
CVE-2020-14484
all versions
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may a
9.8 CRITICAL