2 matches found
CVE-2023-3289 A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system including admin. This results in unauthorized data manipulation...
CVE-2023-3289
CVE-2023-3289 affects Easy!Appointments (versions prior to 1.5.0). A BOLA in POST /services allows a low-privileged user to create a service for any user (including admin), leading to unauthorized data manipulation. The connected documents provide explicit description of the affected endpoint and...