Easyappointments

Easyappointments

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-38055

  • EPSS 0.39%
  • Veröffentlicht 09.07.2024 11:15:12
  • Zuletzt bearbeitet 21.11.2024 08:12:45

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38052

  • EPSS 0.4%
  • Veröffentlicht 09.07.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:12:45

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38054

  • EPSS 0.4%
  • Veröffentlicht 09.07.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:12:45

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38053

  • EPSS 0.4%
  • Veröffentlicht 09.07.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:12:45

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38051

  • EPSS 0.4%
  • Veröffentlicht 09.07.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:12:45

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38050

  • EPSS 0.36%
  • Veröffentlicht 09.07.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:12:45

A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38049

  • EPSS 0.42%
  • Veröffentlicht 09.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:12:44

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38048

  • EPSS 0.4%
  • Veröffentlicht 09.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:12:44

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.

8.1

CVE-2023-38047

  • EPSS 0.37%
  • Veröffentlicht 09.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:12:44

A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

4.3

CVE-2023-3700

Exploit
  • EPSS 0.37%
  • Veröffentlicht 17.07.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:17:52

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.