Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenClinic GA 安全漏洞
Vulnerability Description
OpenClinic GA是一套开源的医院信息管理系统。该系统支持财务管理、临床管理和实验室管理等功能。 OpenClinic GA 存在安全漏洞,该漏洞源于默认情况下,Authenticated Users组具有修改openclinic文件夹文件的权限。低权限帐户能够重命名位于bin文件夹中的mysqld.exe或tomcat8.exe文件,并将其替换为恶意文件,该恶意文件将连接回攻击计算机,并由于服务作为本地系统运行而给予系统级特权(nt权限系统)。当低特权用户无法通过应用程序重新启动服务时,计算机的
CVSS Information
N/A
Vulnerability Type
N/A