mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
CVE-2020-27227
Description
An exploitable unauthenticated command injection vulnerability exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request containing a specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system.
POC
Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1203
Github
No PoCs found on GitHub currently.