CVE-2020-27236 MEDIUM

CVE-2020-27236

Vendor N/A

Product OpenClinic

Weakness CWE-89 · SQLi

Published April 13, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

April 13, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27236 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-13301 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection CVE-2017-20030 PHPList Sending Campain sql injection CVE-2026-28136 WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability CVE-2025-7539 code-projects Online Appointment Booking System getdoctordaybooking.php sql injection CVE-2025-2681 PHPGurukul Bank Locker Management System edit-locker.php sql injection