CVE-2023-40275

2024-03-1900:00:00

mitre

www.cve.org

openclinic ga

unauthorized retrieval

patient lists

security issue

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.

References

github.com/BugBountyHunterCVE/CVE-2023-40275/blob/main/CVE-2023-40275_Unauthenticated-Patient-List-Retrieval_OpenClinic-GA_5.247.01_Report.md

sourceforge.net/projects/open-clinic/