CVE-2020-14490

Published: Jul 29, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files.

Affected (2)

Products: Openclinic Ga Project: Openclinic Ga

Openclinic Ga Project

1 product

Openclinic Ga

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openclinic Ga Project Openclinic Ga	Version 5.09.02
Openclinic Ga Project Openclinic Ga	Version 5.89.05b

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.