CVE-2020-20444

Name of the Vulnerable Software and Affected Versions Jact OpenClinic version 0.8.20160412

Description The issue is related to errors in authorization in the shared/view source.php component of the OpenClinic software for managing medical records. An attacker, acting remotely, can exploit this issue to potentially execute arbitrary code after logging into the admin account. This is achieved by using an infected file GET parameter in the "/shared/view source.php" API endpoint.

Recommendations For Jact OpenClinic version 0.8.20160412, as a temporary workaround, consider restricting access to the "/shared/view source.php" API endpoint to minimize the risk of exploitation. Additionally, avoid using the file parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.