VB

2 exploits Active since Mar 2024
CVE-2023-40278 EXPLOITDB HIGH WRITEUP
OpenClinic GA 5.247.01 - Information Disclosure via AppointmentUid Parameter
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.
CVSS 7.5
CVE-2023-40279 EXPLOITDB HIGH WORKING POC
OpenClinic GA 5.247.01 - Authenticated Path Traversal via Page Parameter
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVSS 7.5