CVE-2020-14490

OpenClinic GA

CVSS 8.8 HIGHEPSS 2.5%CWE-22

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

open source · OpenClinic GA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01