CVE-2023-40278

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error...

OpenClinic GA 5.247.01 - Information Disclosure

Exploit Title: OpenClinic GA 5.247.01 - Information Disclosure Date: 2023-08-14 Exploit Author: VB Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11 CVE:...

CVE-2023-40278

creationtimestamp| type| source ---|---|--- 2024-03-19 13:26:42+00:00| seen| https://t.me/ctinow/211442 2024-03-19 13:31:16+00:00| seen| https://t.me/ctinow/211461...

CVE-2023-40278

OpenClinic GA 5.247.01 is affected in the printAppointmentPdf.jsp component. The issue is an information-disclosure vulnerability triggered by manipulating the AppointmentUid parameter, allowing an attacker to determine whether a specific appointment exists via the error message. The root cause i...