Skip to main content

CVE-2023-40278

Description

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.

NVD
Severity: N/A
CVE ID: CVE-2023-40278
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.

Refrence: NVDMITRE

Proof Of Concept

BugBountyHunterCVE

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8