A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:LEasyappointments
APPEasyappointments< 1.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2024-57602CRITICAL9.8PL ✓ten sam produkt
EasyAppointments v.1.5.0 — privilege escalation przez index.php
CVE-2023-38051CRITICAL9.9PL ✓ten sam produkt
BOLA w Easy!Appointments — nieuprawniony dostęp do danych sekretarek
CVE-2023-38048CRITICAL9.9PL ✓ten sam produkt
BOLA w Easy!Appointments — nieautoryzowany dostęp do kont dostawców
CVE-2023-3287CRITICAL9.9PL ✓ten sam produkt
BOLA w Easy!Appointments — privilege escalation do administratora
CVE-2023-38049CRITICAL9.9PL ✓ten sam produkt
BOLA w EasyAppointments — nieuprawniony dostęp do wizyt innych użytkowników