An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openclinic ga project openclinic ga 5.173.3 |