Vulnerabilities (CVE)

Filtered by vendor Phpgacl Project Subscribe

Filtered by product Phpgacl

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-13566	2 Open-emr, Phpgacl Project	2 Openemr, Phpgacl	2022-04-28	6.5 MEDIUM	8.8 HIGH
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection.
CVE-2020-13568	2 Open-emr, Phpgacl Project	2 Openemr, Phpgacl	2022-04-28	6.5 MEDIUM	8.8 HIGH
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.