Skip to main content

Easyappointments CVE-2022-1397

HIGH
Improper Privilege Management (CWE-269)
2022-05-10 security@huntr.dev
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 10, 2022 - 14:15 nvd
HIGH 8.8

DescriptionNVD

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

AnalysisAI

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. Affected products include: Easyappointments. Version information: prior to 1.5.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2024-57602 CRITICAL POC
9.8 Feb 12

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php f

CVE-2023-1269 CRITICAL POC
9.8 Mar 08

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated critical severi

CVE-2022-0482 CRITICAL POC
9.1 Mar 09

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments p

CVE-2023-2105 HIGH POC
8.8 Apr 15

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS 8.8), th

CVE-2024-57601 MEDIUM POC
6.1 Feb 12

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbit

CVE-2023-2104 MEDIUM POC
5.4 Apr 15

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS

CVE-2023-2103 MEDIUM POC
5.4 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-2102 MEDIUM POC
4.8 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-3700 MEDIUM POC
4.3 Jul 17

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Ra

CVE-2023-1367 LOW POC
3.8 Mar 13

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated low severity (CVSS 3.8), this

CVE-2026-55651 HIGH
7.1 Jul 14

Broken object-level authorization in Easy!Appointments 1.5.2 lets any authenticated user query the customers search endp

CVE-2026-52837 MEDIUM
6.9 Jul 14

The reschedule endpoint in Easy!Appointments 1.5.2 and earlier exposes the complete customer database record to any part

Share

CVE-2022-1397 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy