A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2020-07-02T00:00:00
Updated: 2020-07-29T12:27:28
Reserved: 2020-06-19T00:00:00
Link: CVE-2020-14493
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-29T13:15:10.260
Modified: 2020-07-30T13:54:14.717
Link: CVE-2020-14493
JSON object: View
Redhat Information
No data.