CVE-2020-27227
CVE-2020-27227
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
n/a · OpenClinic¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →