Skip to main content

Easyappointments CVE-2023-1269

CRITICAL
Use of Hard-coded Credentials (CWE-798)
2023-03-08 security@huntr.dev
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 08, 2023 - 11:15 nvd
CRITICAL 9.8

DescriptionNVD

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

AnalysisAI

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Affected products include: Easyappointments. Version information: prior to 1.5.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2024-57602 CRITICAL POC
9.8 Feb 12

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php f

CVE-2022-0482 CRITICAL POC
9.1 Mar 09

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments p

CVE-2023-2105 HIGH POC
8.8 Apr 15

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS 8.8), th

CVE-2022-1397 HIGH POC
8.8 May 10

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS

CVE-2024-57601 MEDIUM POC
6.1 Feb 12

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbit

CVE-2023-2104 MEDIUM POC
5.4 Apr 15

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS

CVE-2023-2103 MEDIUM POC
5.4 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-2102 MEDIUM POC
4.8 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-3700 MEDIUM POC
4.3 Jul 17

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Ra

CVE-2023-1367 LOW POC
3.8 Mar 13

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated low severity (CVSS 3.8), this

CVE-2026-55651 HIGH
7.1 Jul 14

Broken object-level authorization in Easy!Appointments 1.5.2 lets any authenticated user query the customers search endp

CVE-2026-52837 MEDIUM
6.9 Jul 14

The reschedule endpoint in Easy!Appointments 1.5.2 and earlier exposes the complete customer database record to any part

Share

CVE-2023-1269 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy