Freemedsoftware: Security Vulnerabilities
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands.
CVSS Score
9.4
EPSS Score
0.003
Published
2020-07-29
OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-07-29