CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

167 matches found

Easy!Appointments <1.4.3 - Broken Access Control

Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments. id: CVE-2022-0482 info: name: Easy!Appointments 1.4.3 - Broken Access Control author: francescocarlucci,opencirt severity: critical...

9.1CVSS7.3AI score0.38133EPSS

Exploits7References5

Github Security Blog•added 2026/01/15 8:11 p.m.•7 views

alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass

Summary application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $REQUEST, so an attacker can perform CSRF by forcing a victim's...

8.8CVSS7.2AI score0.00203EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/01/15 7:28 p.m.•3 views

CVE-2026-23622 CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.7CVSS6.4AI score0.00203EPSS

Exploits1References1

Positive Technologies•added 2026/01/15 12:0 a.m.•4 views

PT-2026-3099

Name of the Vulnerable Software and Affected Versions Easy!Appointments versions 1.5.2 and earlier Description The application's CSRF protection in application/core/EA Security.php::csrf verify only applies to POST requests, bypassing validation for other request methods like GET. Several...

8.8CVSS6AI score0.00203EPSS

Exploits1References9

Veracode•added 2025/12/13 5:52 a.m.•4 views

Privilege Escalation

alextselegidis/easyappointments is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the index.php file, which allows a remote attacker to escalate privileges by exploiting insufficient authorization checks...

9.8CVSS5.8AI score0.00767EPSS

Exploits1References4Affected Software1