CVE-2020-27232 MEDIUM

CVE-2020-27232

Vendor N/A

Product OpenClinic GA

Weakness CWE-89 · SQLi

Published May 10, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

May 10, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27232 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2021-32789 Arbitrary SQL (SQL injection) possible via the Store API component. CVE-2025-9679 itsourcecode Student Information System course_edit1.php sql injection CVE-2025-12309 code-projects Nero Social Networking Site friendprofile.php sql injection CVE-2025-10809 Campcodes Online Learning Management System department.php sql injection CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability