Vulnerability Details CVE-2023-40278
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md
- https://sourceforge.net/projects/open-clinic/
- https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md
- https://sourceforge.net/projects/open-clinic/
Products affected by CVE-2023-40278
-
cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.247.01