CVE-2020-14493

High

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the…

icscert·CWE-250·Published 2020-07-29

CVSS

8.8

EPSS

0.02

KEV

Exploits

cve.orgen

167 chars

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.

NVDen

167 chars

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.

Un usuario poco privilegiado puede usar la sintaxis SQL para escribir archivos arbitrarios en el servidor OpenClinic GA versiones 5.09.02 y 5.89.05b, lo que puede permitir una ejecución de comandos arbitrarios

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H