Multiple vulnerabilities in OpenClinic



Published: 2020-12-07
Risk High
Patch available NO
Number of vulnerabilities 4
CVE-ID CVE-2020-28938
CVE-2020-28939
CVE-2020-28937
CWE-ID CWE-79
CWE-434
CWE-287
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		OpenClinic
Other software / Other software solutions

Vendor Jose Antonio Chavarría

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Stored cross-site scripting

EUVDB-ID: #VU48810

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-28938

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in lib/Check.php. A remote authenticated attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic: 0.8.2

External links

http://labs.bishopfox.com/advisories/openclinic-version-0.8.2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Arbitrary file upload

EUVDB-ID: #VU48811

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-28939

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in "medical/test_new.php". A remote authenticated attacker can upload a malicious file and execute it on the server.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic: 0.8.2

External links

http://labs.bishopfox.com/advisories/openclinic-version-0.8.2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Authentication

EUVDB-ID: #VU48812

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-28937

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can send a direct request to the "/tests/" URI, access any patient´s medical test results and disclose the Protected Health Information (PHI) stored in the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic: 0.8.2

External links

http://labs.bishopfox.com/advisories/openclinic-version-0.8.2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Path traversal

EUVDB-ID: #VU48813

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: N/A

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the "/admin/theme_new.php" endpoint. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OpenClinic: 0.8.2

External links

http://labs.bishopfox.com/advisories/openclinic-version-0.8.2#LCA


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###