Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0
Vulnerability Description
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Easy!Appointments 安全漏洞
Vulnerability Description
Easy!Appointments是一套基于Web的预约、日程管理系统。 Easy!Appointments 存在安全漏洞,该漏洞源于 /customers/{customerId} 接口存在不安全的授权问题。低权限攻击者利用该漏洞可以获取、修改或删除低权限用户(客户)。
CVSS Information
N/A
Vulnerability Type
N/A