CVE-2020-14490

HIGH

OpenClinic GA 5.09.02 and 5.89.05b - Path Traversal and Arbitrary File Execution

Title source: llm

Description

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/ICSMA-20-184-01

Scores

CVSS v3 8.8
EPSS 0.0246
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
openclinic_ga_project/openclinic_ga 5.09.02
openclinic_ga_project/openclinic_ga 5.89.05b
Published Jul 29, 2020
Tracked Since Feb 18, 2026