cve/2023/CVE-2023-40278.md

### [CVE-2023-40278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40278)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/BugBountyHunterCVE/CVE-2023-40278
- https://github.com/NaInSec/CVE-LIST
- https://github.com/nomi-sec/PoC-in-GitHub
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-40278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40278)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/BugBountyHunterCVE/CVE-2023-40278`
			`- https://github.com/NaInSec/CVE-LIST`
			`- https://github.com/nomi-sec/PoC-in-GitHub`