A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2021-05-10T18:36:17
Updated: 2024-08-04T16:11:36.080Z
Reserved: 2020-10-19T00:00:00
Link: CVE-2020-27229
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-05-10T19:15:07.917
Modified: 2022-04-28T20:28:36.960
Link: CVE-2020-27229
Redhat
No data.