CVE-2020-27227

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1203 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.173.3:*:*:*:*:*:*:*

Information

Published : 2021-04-13 03:15

Updated : 2022-07-29 01:01


NVD link : CVE-2020-27227

Mitre link : CVE-2020-27227

Products Affected
No products.
CWE