GCVE - cpe:2.3:a:n/a:openclinic_ga:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:openclinic_ga:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Openclinic Ga (`6f4c75e2-12bd-52eb-8f1a-b94aae0e7b2f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-27246`	vulnerable	2026-06-08 05:23:52.452106	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-11T10:48:24.000Z Updated: 2024-08-04T16:11:36.415Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27245`	vulnerable	2026-06-08 05:23:52.451702	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-11T10:48:19.000Z Updated: 2024-08-04T16:11:36.287Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27244`	vulnerable	2026-06-08 05:23:52.451172	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-11T10:36:11.000Z Updated: 2024-08-04T16:11:36.310Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27243`	vulnerable	2026-06-08 05:23:52.450773	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-11T10:36:04.000Z Updated: 2024-08-04T16:11:36.305Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27242`	vulnerable	2026-06-08 05:23:52.450175	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-11T10:35:58.000Z Updated: 2024-08-04T16:11:36.409Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27232`	vulnerable	2026-06-08 05:23:52.445317	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-10T19:06:47.000Z Updated: 2024-08-04T16:11:36.179Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1206	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27231`	vulnerable	2026-06-08 05:23:52.444729	Details available MEDIUM (6.4) A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-10T18:36:30.000Z Updated: 2024-08-04T16:11:36.113Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27230`	vulnerable	2026-06-08 05:23:52.444262	Details available MEDIUM (6.4) A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-10T18:36:23.000Z Updated: 2024-08-04T16:11:36.050Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27229`	vulnerable	2026-06-08 05:23:52.443595	Details available MEDIUM (6.4) A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-10T18:36:17.000Z Updated: 2024-08-04T16:11:36.080Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14494`	vulnerable	2026-06-08 05:19:23.572425	Details available OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. Published: 2020-07-20T14:45:28.000Z Updated: 2024-08-04T12:46:34.648Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14491`	vulnerable	2026-06-08 05:19:23.570666	Details available OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. Published: 2020-07-20T14:45:36.000Z Updated: 2024-08-04T12:46:34.656Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14485`	vulnerable	2026-06-08 05:19:23.563836	Details available OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries. Published: 2020-07-20T14:45:10.000Z Updated: 2024-08-04T12:46:34.594Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14484`	vulnerable	2026-06-08 05:19:23.561905	Details available OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. Published: 2020-07-20T14:45:20.000Z Updated: 2024-08-04T12:46:34.703Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.