Shodan
Vulnerabilities
Vulnerable Software
Easyappointments:  Security Vulnerabilities
CVE-2025-29448
Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-07
CVE-2025-31828
Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments allows Cross Site Request Forgery. This issue affects Easy!Appointments: from n/a through 1.4.2.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-04-01
CVE-2024-57602
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-02-12
CVE-2023-38055
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3286
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3287
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-3288
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3289
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3290
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38050
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-07-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved