GCVE - cpe:2.3:a:n/a:openclinic:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:openclinic:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Openclinic (`c46e2245-29c5-57b7-9380-eacdc13fa540`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-27241`	vulnerable	2026-06-08 05:23:52.449685	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-19T20:33:41.000Z Updated: 2024-08-04T16:11:36.283Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27240`	vulnerable	2026-06-08 05:23:52.449191	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-19T20:33:33.000Z Updated: 2024-08-04T16:11:36.315Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27239`	vulnerable	2026-06-08 05:23:52.448675	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-15T13:38:43.000Z Updated: 2024-08-04T16:11:36.265Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27238`	vulnerable	2026-06-08 05:23:52.448273	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-15T13:38:25.000Z Updated: 2024-08-04T16:11:36.352Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27237`	vulnerable	2026-06-08 05:23:52.447735	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-15T13:37:58.000Z Updated: 2024-08-04T16:11:36.298Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27236`	vulnerable	2026-06-08 05:23:52.447224	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-13T14:07:27.000Z Updated: 2024-08-04T16:11:36.250Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27235`	vulnerable	2026-06-08 05:23:52.446646	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-13T14:07:17.000Z Updated: 2024-08-04T16:11:36.132Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27234`	vulnerable	2026-06-08 05:23:52.446139	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-13T14:07:10.000Z Updated: 2024-08-04T16:11:36.140Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27233`	vulnerable	2026-06-08 05:23:52.445740	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-04-13T14:07:02.000Z Updated: 2024-08-04T16:11:36.033Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27228`	vulnerable	2026-06-08 05:23:52.441423	Details available HIGH (8.8) An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. Published: 2021-04-13T14:11:53.000Z Updated: 2024-08-04T16:11:36.202Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1204	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27227`	vulnerable	2026-06-08 05:23:52.440877	Details available CRITICAL (10) An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system. Published: 2021-04-13T14:12:45.000Z Updated: 2024-08-04T16:11:36.313Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1203	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27226`	vulnerable	2026-06-08 05:23:52.439209	Details available MEDIUM (6.4) An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: 2021-05-10T18:48:04.000Z Updated: 2024-08-04T16:11:36.140Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1202	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.