Skip to main content

Easyappointments CVE-2023-3700

MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2023-07-17 security@huntr.dev
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 17, 2023 - 07:15 nvd
MEDIUM 4.3

DescriptionNVD

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

AnalysisAI

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-639. Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Affected products include: Easyappointments. Version information: prior to 1.5.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-57602 CRITICAL POC
9.8 Feb 12

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php f

CVE-2023-1269 CRITICAL POC
9.8 Mar 08

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated critical severi

CVE-2022-0482 CRITICAL POC
9.1 Mar 09

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments p

CVE-2023-2105 HIGH POC
8.8 Apr 15

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS 8.8), th

CVE-2022-1397 HIGH POC
8.8 May 10

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS

CVE-2024-57601 MEDIUM POC
6.1 Feb 12

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbit

CVE-2023-2104 MEDIUM POC
5.4 Apr 15

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS

CVE-2023-2103 MEDIUM POC
5.4 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-2102 MEDIUM POC
4.8 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-1367 LOW POC
3.8 Mar 13

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated low severity (CVSS 3.8), this

CVE-2026-55651 HIGH
7.1 Jul 14

Broken object-level authorization in Easy!Appointments 1.5.2 lets any authenticated user query the customers search endp

CVE-2026-52837 MEDIUM
6.9 Jul 14

The reschedule endpoint in Easy!Appointments 1.5.2 and earlier exposes the complete customer database record to any part

Share

CVE-2023-3700 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy