Unknown · OpenClinic GA · CVE-2023-40275
**Name of the Vulnerable Software and Affected Versions**
OpenClinic GA version 5.247.01
**Description**
An issue was discovered in OpenClinic GA, allowing retrieval of patient lists via queries such as `findFirstname=` to `/common/search/searchByAjax/patientslistShow.jsp`.
**Recommendations**
For OpenClinic GA version 5.247.01, consider restricting access to the `/common/search/searchByAjax/patientslistShow.jsp` endpoint to minimize the risk of exploitation. Avoid using the `findFirstname` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
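
One way to check that the access restriction recommended above is actually in effect is to audit the web server's access log for requests to the endpoint that were still answered successfully. The following is an added example, not part of the original advisory or of OpenClinic GA. It assumes Common/Combined Log Format, and the sample log lines, the `/openclinic` context path and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path from the advisory, lower-cased; matched as a suffix because the
# application's context path is deployment-specific (assumption).
ENDPOINT = "/common/search/searchbyajax/patientslistshow.jsp"

# Common/Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges, assumed /openclinic context path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /openclinic/common/search/searchByAjax/patientslistShow.jsp?findFirstname=a HTTP/1.1" 200 5123',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /openclinic/common/search/searchByAjax/patientslistShow.jsp;jsessionid=ABC?findFirstname= HTTP/1.1" 403 199',
    '192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /openclinic/login.jsp HTTP/1.1" 200 900',
]

def normalize_path(raw_path):
    """Canonicalise a request path before comparing it with ENDPOINT."""
    path = unquote(raw_path)
    path = re.sub(r";[^/]*", "", path)   # drop ;jsessionid=... path parameters
    path = re.sub(r"/{2,}", "/", path)   # collapse repeated slashes
    return path.lower()

def audit(lines):
    """Return one record per logged request that reached the advisory's endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        parts = urlsplit(target)
        if not normalize_path(parts.path).endswith(ENDPOINT):
            continue
        # keep_blank_values: the advisory's example query is "findFirstname=" (empty value).
        # Only query-string parameters are visible here; POST bodies are not logged.
        names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        findings.append({"ip": ip, "method": method, "status": int(status),
                         "has_findfirstname": "findfirstname" in names,
                         "served": status.startswith("2")})
    return findings

def still_served(lines):
    """Requests the server answered with 2xx, i.e. the restriction did not apply."""
    return [f for f in audit(lines) if f["served"]]

if __name__ == "__main__":
    for f in still_served(SAMPLE_LOG):
        print("endpoint still reachable:", f)
```

Any record returned by `still_served` after the restriction is deployed means the endpoint is still reachable from that client and the rule needs review.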