mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
70 lines
2.3 KiB
JSON
70 lines
2.3 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2020-27229",
|
|
"ASSIGNER": "talos-cna@cisco.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "n/a",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "OpenClinic GA",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "OpenClinic GA 5.173.3"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205",
|
|
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A number of exploitable SQL injection vulnerabilities exists in \u2018patientslist.do\u2019 page of OpenClinic GA 5.173.3 application. The findPersonID parameter in \u2018\u2018patientslist.do\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"baseScore": 6.4,
|
|
"baseSeverity": "Medium",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
|
"version": "3.0"
|
|
}
|
|
}
|
|
} |