← Back

Openclinic Ga

openclinic_ga

Vendor: Openclinic Ga Project • 37 CVEs

CVEs (37)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-40279
1Openclinic Ga Project
1Openclinic Ga
Apr 14, 2025
Mar 19, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-40278
1Openclinic Ga Project
1Openclinic Ga
Apr 14, 2025
Mar 19, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attac...Show more
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.Show less
CVE-2023-40280
1Openclinic Ga Project
1Openclinic Ga
Apr 14, 2025
Mar 19, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2023-40277
1Openclinic Ga Project
1Openclinic Ga
Apr 14, 2025
Mar 19, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.
CVE-2023-40276
1Openclinic Ga Project
1Openclinic Ga
Apr 14, 2025
Mar 19, 2024
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.
CVE-2023-40275
1Openclinic Ga Project
1Openclinic Ga
Apr 14, 2025
Mar 19, 2024
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
CVE-2021-37364
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
Oct 26, 2021
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8....Show more
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.Show less
CVE-2020-27246
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 11, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection...Show more
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27245
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 11, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection....Show more
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27244
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 11, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. A...Show more
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27243
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 11, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection...Show more
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27242
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 11, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injectio...Show more
An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27232
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 10, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request...Show more
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27231
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 10, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL inject...Show more
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27230
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 10, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injectio...Show more
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27229
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 10, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL inject...Show more
A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27226
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
May 10, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigge...Show more
An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27241
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
Apr 19, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can mak...Show more
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27240
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
Apr 19, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can m...Show more
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27239
1Openclinic Ga Project
1Openclinic Ga
Nov 21, 2024
Apr 15, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make...Show more
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less