CVE-2020-14493

Summary

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
open sourceOpenClinic GA5.09.02affected
open sourceOpenClinic GA5.89.05baffected

Weaknesses

  • CWE-250: EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Workarounds

OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes.

ADP Enrichment

CVE Program Container

Additional References

References