PT-2020-14038 · Openclinic · Openclinic Ga
Published: 2020-07-29 · Updated: 2020-07-30 · CVE-2020-14490
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClinic GA versions 5.09.02 through 5.89.05b
Description
The issue allows for the disclosure of sensitive files or the execution of malicious uploaded files by executing arbitrary local files specified within its
parameter. This could potentially lead to security breaches.
Recommendations
For OpenClinic GA versions 5.09.02 through 5.89.05b, consider restricting access to sensitive files and avoid using the vulnerable
parameter until a fix is available. As a temporary workaround, restrict the execution of files to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Openclinic Ga