CVE-2020-13567

Summary

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
OpenEMROpenEMR5.0.2affected
OpenEMROpenEMRdevelopment version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)affected
phpGACLphpGACL3.3.7affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References