Login Sign Up

CVE-2020-27235

9.8 CRITICAL
SQL Injection

📋 TL;DR

This is an authenticated SQL injection vulnerability in OpenClinic GA's 'getAssets.jsp' page that allows attackers to execute arbitrary SQL commands through the description parameter. Attackers with valid credentials can potentially access, modify, or delete database content. This affects OpenClinic GA version 5.173.3 installations.

💻 Affected Systems

Products:
  • OpenClinic GA
Versions: 5.173.3
Operating Systems: Any OS running OpenClinic GA
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web application.

📦 What is this software?

Openclinic Ga by Openclinic Ga Project

View all CVEs affecting Openclinic Ga →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, or remote code execution via database functions.

🟠

Likely Case

Unauthorized data access and extraction of sensitive patient/medical records from the database.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions.

🌐 Internet-Facing: HIGH - Web applications exposed to internet are directly accessible to attackers.
🏢 Internal Only: MEDIUM - Requires authenticated access but internal threats or compromised credentials still pose risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via authenticated HTTP request to getAssets.jsp with malicious description parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.173.4 or later

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207

Restart Required: Yes

Instructions:

1. Download latest OpenClinic GA version from official source. 2. Backup current installation and database. 3. Deploy updated version following vendor documentation. 4. Restart application services.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to reject SQL special characters in description parameter.

Add input validation in getAssets.jsp or application filter

WAF Rule

all

Deploy web application firewall rules to block SQL injection patterns.

ModSecurity rule: SecRule ARGS:description "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement strict database user permissions with least privilege principle.
  • Deploy network segmentation to isolate OpenClinic from other critical systems.

🔍 How to Verify

Check if Vulnerable:

Test authenticated request to getAssets.jsp with SQL injection payload in description parameter.

Check Version:

Check OpenClinic version in web interface or application files.

Verify Fix Applied:

Attempt SQL injection test after patch - should receive error or no database interaction.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by getAssets.jsp access

Network Indicators:

  • HTTP POST requests to getAssets.jsp with SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/getAssets.jsp" AND (description CONTAINS "UNION" OR description CONTAINS "SELECT" OR description CONTAINS "--")

📊 Metadata

CVE ID: CVE-2020-27235
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: April 13, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-27235, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)