Lucene search

CVE-2023-40275

🗓️ 19 Mar 2024 01:44:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 10 Views🌐 WEB

OpenClinic GA 5.247.01 allows unauthorized retrieval of patient lists via findFirstname quer

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2023-40275	19 Mar 202400:00	–	cvelist
Vulnrichment	CVE-2023-40275	19 Mar 202400:00	–	vulnrichment
NVD	CVE-2023-40275	19 Mar 202401:15	–	nvd

Source	Link
github	www.github.com/BugBountyHunterCVE/CVE-2023-40275/blob/main/CVE-2023-40275_Unauthenticated-Patient-List-Retrieval_OpenClinic-GA_5.247.01_Report.md
sourceforge	www.sourceforge.net/projects/open-clinic/

Parameter	Position	Path	Description	CWE
findFirstname	query param	/_common/search/searchByAjax/patientslistShow.jsp	This endpoint allows unauthorized retrieval of patient lists based on the provided query parameter.	CWE-200

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Mar 2024 01:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS39.1

EPSS0.00043

SSVC

CWE-200

openclinic ga 5.247.01 unauthorized access patient lists security vulnerability cve-2023-40275