SB2021041521 - Multiple vulnerabilities in OpenClinic GA
Published: April 15, 2021
Description
This security bulletin contains information about 21 security vulnerabilities.
1) SQL injection (CVE-ID: CVE-2020-27232)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "FindServiceUid" parameter in the "manageServiceStocks.jsp" page. A remote authenticated attacker can send a specially crafted HTTP request and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
2) SQL injection (CVE-ID: CVE-2020-27226)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "PatientUID" parameter in the "quickFile.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
3) SQL injection (CVE-ID: CVE-2020-27241)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "serialnumber" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
4) SQL injection (CVE-ID: CVE-2020-27240)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "componentStatus" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
5) SQL injection (CVE-ID: CVE-2020-27239)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "assetStatus" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
6) SQL injection (CVE-ID: CVE-2020-27238)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "code" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
7) SQL injection (CVE-ID: CVE-2020-27237)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "nomenclature" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
8) SQL injection (CVE-ID: CVE-2020-27236)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "compnomenclature" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
9) SQL injection (CVE-ID: CVE-2020-27235)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "description" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
10) SQL injection (CVE-ID: CVE-2020-27234)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "serviceuid" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
11) SQL injection (CVE-ID: CVE-2020-27233)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "supplierUID" parameter in the "getAssets.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
12) Command Injection (CVE-ID: CVE-2020-27227)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass a specially crafted request and execute arbitrary commands on the target system.
13) SQL injection (CVE-ID: CVE-2020-27246)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "immoComment" parameter in the "listImmoLabels.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
14) SQL injection (CVE-ID: CVE-2020-27245)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "immoBuyer" parameter in the "listImmoLabels.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
15) SQL injection (CVE-ID: CVE-2020-27244)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "immoCode" parameter in the "listImmoLabels.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
16) SQL injection (CVE-ID: CVE-2020-27243)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "immoService" parameter in the "listImmoLabels.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
17) SQL injection (CVE-ID: CVE-2020-27242)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "immoLocation" parameter in the "listImmoLabels.jsp" page. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
18) Incorrect default permissions (CVE-ID: CVE-2020-27228)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in the installation functionality. A local user with access to the system can view the contents of files and directories or modify them.
19) SQL injection (CVE-ID: CVE-2020-27231)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "findDistrict" parameter in the "patientslist.do" page. A remote authenticated attacker can send a specially crafted HTTP request and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
20) SQL injection (CVE-ID: CVE-2020-27230)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "findSector" parameter in the "patientslist.do" page. A remote authenticated attacker can send a specially crafted HTTP request and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
21) SQL injection (CVE-ID: CVE-2020-27229)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "findPersonID" parameter in the "patientslist.do" page. A remote authenticated attacker can send a specially crafted HTTP request and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
Remediation
Install the update from the vendor's website.
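Until the update is installed, web access logs can be triaged for requests that reach the pages and parameters listed in this bulletin with SQL syntax in the value. The script below is an added example, not part of the bulletin or of OpenClinic GA; the marker regex, the combined log format and the sample lines (paths, addresses) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page -> parameters named in this bulletin, lowercased for lenient matching.
WATCHED = {
    "manageservicestocks.jsp": {"findserviceuid"},
    "quickfile.jsp": {"patientuid"},
    "getassets.jsp": {"serialnumber", "componentstatus", "assetstatus", "code",
                      "nomenclature", "compnomenclature", "description",
                      "serviceuid", "supplieruid"},
    "listimmolabels.jsp": {"immocomment", "immobuyer", "immocode",
                           "immoservice", "immolocation"},
    "patientslist.do": {"finddistrict", "findsector", "findpersonid"},
}

# Heuristic SQL-syntax markers (an assumption; expect false positives on free text).
SQL_MARKERS = re.compile(
    r"'|--|/\*|\bunion\b.+\bselect\b|\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
# Request line of a common/combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (line_no, page, parameter, percent-decoded value) per flagged request."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        page = url.path.rsplit("/", 1)[-1].lower()
        watched = WATCHED.get(page)
        if not watched:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in watched and SQL_MARKERS.search(value):
                findings.append((line_no, page, name, value))
    return findings

# Constructed sample log lines; paths and addresses are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2021:10:00:01 +0000] "GET /openclinic/assets/getAssets.jsp?serialnumber=SN-1042 HTTP/1.1" 200 512',
    '192.0.2.44 - - [15/Apr/2021:10:00:07 +0000] "GET /openclinic/assets/getAssets.jsp?serialnumber=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9034',
    '192.0.2.44 - - [15/Apr/2021:10:00:09 +0000] "GET /openclinic/patientslist.do?findSector=a%27-- HTTP/1.1" 500 120',
    '192.0.2.10 - - [15/Apr/2021:10:00:12 +0000] "GET /openclinic/main.jsp?code=1%27 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in standard access logs, so this check only covers values carried in the query string.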
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1206
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1202
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1203
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1208
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1204
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1205