Openclinic Ga Project

openclinic_ga_project

37 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Openclinic Ga

openclinic_ga

37 CVEs

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-40279 1Openclinic Ga Project 1Openclinic Ga Apr 14, 2025 Mar 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-40278 1Openclinic Ga Project 1Openclinic Ga Apr 14, 2025 Mar 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attac...Show more An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.Show less
CVE-2023-40280 1Openclinic Ga Project 1Openclinic Ga Apr 14, 2025 Mar 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2023-40277 1Openclinic Ga Project 1Openclinic Ga Apr 14, 2025 Mar 19, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.
CVE-2023-40276 1Openclinic Ga Project 1Openclinic Ga Apr 14, 2025 Mar 19, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.
CVE-2023-40275 1Openclinic Ga Project 1Openclinic Ga Apr 14, 2025 Mar 19, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
CVE-2021-37364 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 Oct 26, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8....Show more OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.Show less
CVE-2020-27246 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection...Show more An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27245 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection....Show more An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27244 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. A...Show more An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27243 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection...Show more An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27242 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injectio...Show more An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27232 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request...Show more An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27231 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL inject...Show more A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27230 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injectio...Show more A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27229 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL inject...Show more A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27226 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigge...Show more An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27241 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 Apr 19, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can mak...Show more An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27240 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 Apr 19, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can m...Show more An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2020-27239 1Openclinic Ga Project 1Openclinic Ga Nov 21, 2024 Apr 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make...Show more An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less

12 Next