Openclinic Ga Openclinicgaproject Openclinic Ga


By the Year

In 2026 there have been 0 vulnerabilities in Openclinicgaproject Openclinic Ga. Openclinic Ga did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 6 0.00
2023 0 0.00
2022 0 0.00
2021 22 9.16
2020 1 9.80

It may take a day or so for new Openclinic Ga vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Openclinicgaproject Openclinic Ga Security Vulnerabilities

OpenClinic GA 5.247.01 Directory Traversal via Page param
CVE-2023-40279 - March 19, 2024

An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.

OpenClinic GA 5.247.01 Info Disclosure via printAppointmentPdf.jsp
CVE-2023-40278 - March 19, 2024

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.

OpenClinic GA 5.247.01 Patient List Disclosure via Ajax Search
CVE-2023-40275 - March 19, 2024

An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.

OpenClinic GA 5.247.01 Unauth File Download in pharmacy/exportFile.jsp
CVE-2023-40276 - March 19, 2024

An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.

OpenClinic GA 5.247.01 Reflected XSS in login.jsp message param
CVE-2023-40277 - March 19, 2024

An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.

OpenClinic GA 5.247.01 Path Traversal via Page Param (popup.jsp)
CVE-2023-40280 - March 19, 2024

An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.

OpenClinic GA 5.194.18 is affected by Insecure Permissions
CVE-2021-37364 7.8 - High - October 26, 2021

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace them with a malicious file that would connect back to an attacking computer, giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.

Incorrect Permission Assignment for Critical Resource

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application
CVE-2020-27243 8.8 - High - May 11, 2021

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application. The immoService parameter in the listImmoLabels.jsp page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application
CVE-2020-27242 8.8 - High - May 11, 2021

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the listImmoLabels.jsp page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application
CVE-2020-27244 8.8 - High - May 11, 2021

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application. The immoCode parameter in the listImmoLabels.jsp page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application
CVE-2020-27245 8.8 - High - May 11, 2021

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the listImmoLabels.jsp page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application
CVE-2020-27246 8.8 - High - May 11, 2021

An exploitable SQL injection vulnerability exists in listImmoLabels.jsp page of OpenClinic GA 5.173.3 application. The immoComment parameter in the listImmoLabels.jsp page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in manageServiceStocks.jsp page of OpenClinic GA 5.173.3
CVE-2020-27232 8.8 - High - May 10, 2021

An exploitable SQL injection vulnerability exists in manageServiceStocks.jsp page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

A number of exploitable SQL injection vulnerabilities exist in patientslist.do page of OpenClinic GA 5.173.3 application
CVE-2020-27229 8.8 - High - May 10, 2021

A number of exploitable SQL injection vulnerabilities exist in patientslist.do page of OpenClinic GA 5.173.3 application. The findPersonID parameter in patientslist.do page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

A number of exploitable SQL injection vulnerabilities exist in patientslist.do page of OpenClinic GA 5.173.3 application
CVE-2020-27230 8.8 - High - May 10, 2021

A number of exploitable SQL injection vulnerabilities exist in patientslist.do page of OpenClinic GA 5.173.3 application. The findSector parameter in patientslist.do page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in quickFile.jsp page of OpenClinic GA 5.173.3
CVE-2020-27226 8.8 - High - May 10, 2021

An exploitable SQL injection vulnerability exists in quickFile.jsp page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

A number of exploitable SQL injection vulnerabilities exist in patientslist.do page of OpenClinic GA 5.173.3 application
CVE-2020-27231 8.8 - High - May 10, 2021

A number of exploitable SQL injection vulnerabilities exist in patientslist.do page of OpenClinic GA 5.173.3 application. The findDistrict parameter in patientslist.do page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3
CVE-2020-27241 9.8 - Critical - April 19, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3
CVE-2020-27240 9.8 - Critical - April 19, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3
CVE-2020-27239 9.8 - Critical - April 15, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3
CVE-2020-27238 9.8 - Critical - April 15, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3
CVE-2020-27237 9.8 - Critical - April 15, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3. The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3
CVE-2020-27227 9.8 - Critical - April 13, 2021

An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing a specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system.

Shell injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the supplierUID parameter
CVE-2020-27233 9.8 - Critical - April 13, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3
CVE-2020-27228 7.8 - High - April 13, 2021

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.

Incorrect Default Permissions

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the compnomenclature parameter
CVE-2020-27236 9.8 - Critical - April 13, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the description parameter
CVE-2020-27235 9.8 - Critical - April 13, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the serviceUID parameter
CVE-2020-27234 9.8 - Critical - April 13, 2021

An exploitable SQL injection vulnerability exists in getAssets.jsp page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

SQL Injection

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system
CVE-2020-14494 9.8 - Critical - July 20, 2020

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.

Improper Restriction of Excessive Authentication Attempts
