PT-2020-14036 · Openclinic · Openclinic Ga
Published 2020-07-29 · Updated 2020-07-29 · CVE-2020-14488
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenClinic GA versions 5.09.02 through 5.89.05b
Description
Uploaded files are not properly verified, which may allow a low-privilege user to upload and execute arbitrary files on the system.
Recommendations
For OpenClinic GA versions 5.09.02 through 5.89.05b, consider implementing proper file verification mechanisms to prevent the upload and execution of arbitrary files. As a temporary workaround, restrict file upload capabilities to trusted users until a proper fix is applied.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Openclinic Ga