CVE-2020-14485

Summary

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.

Affected Software

VendorProductVersion RangeStatus
n/aOpenClinic GAVersions 5.09.02 and 5.89.05baffected

Weaknesses

  • CWE-288: AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288

ADP Enrichment

CVE Program Container

Additional References

References