Easyappointments Security Vulnerabilities and Issues — Easyappointments CVE List

Lucene search

EasyappointmentsEasyappointments

13 matches found

CVE•added 2022/05/10 2:15 p.m.•2422 views

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

9CVSS8.7AI score0.0021EPSS

CVE•added 2022/03/09 11:15 a.m.•2325 views

CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

9.1CVSS9.1AI score0.93021EPSS

CVE•added 2025/02/12 10:15 p.m.•60 views

CVE-2024-57602

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.

9.8CVSS7.2AI score0.00357EPSS

CVE•added 2023/03/08 11:15 a.m.•53 views

CVE-2023-1269

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

9.8CVSS8AI score0.00367EPSS

CVE•added 2024/07/09 11:15 a.m.•48 views

CVE-2023-3287

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.

9.9CVSS8.8AI score0.00162EPSS

CVE•added 2024/07/09 11:15 a.m.•45 views

CVE-2023-38048

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.

9.9CVSS8.5AI score0.00149EPSS

CVE•added 2024/07/09 11:15 a.m.•40 views

CVE-2023-38055

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

9.6CVSS8.4AI score0.00149EPSS

CVE•added 2024/07/09 11:15 a.m.•39 views

CVE-2023-38052

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.

9.9CVSS8.3AI score0.00149EPSS

CVE•added 2024/07/09 11:15 a.m.•37 views

CVE-2023-38049

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

9.9CVSS8.5AI score0.00149EPSS

CVE•added 2024/07/09 11:15 a.m.•37 views

CVE-2023-38050

A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

9.1CVSS8.3AI score0.00135EPSS

CVE•added 2024/07/09 11:15 a.m.•37 views

CVE-2023-38054

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.

9.9CVSS8.5AI score0.00149EPSS

CVE•added 2024/07/09 11:15 a.m.•36 views

CVE-2023-38051

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.

9.9CVSS8.5AI score0.00149EPSS

CVE•added 2024/07/09 11:15 a.m.•36 views

CVE-2023-38053

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

9.9CVSS8.5AI score0.00149EPSS