CVE-2023-38054 | easyappointments up to 1.4.x /customers/{customerId} authorization

Posted by Angelo Barbosa | Jul 9, 2024 | CVE

A vulnerability was found in easyappointments up to 1.4.x and classified as critical. This issue affects some unknown processing of the file /customers/{customerId}. The manipulation leads to authorization bypass.

The identification of this vulnerability is CVE-2023-38054. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-38054 | easyappointments up to 1.4.x /customers/{customerId} authorization

Related Posts

CVE-2024-33571 | Infomaniak Staff VOD Infomaniak Plugin up to 1.5.6 on WordPress cross site scripting

CVE-2024-7988 | Rockwell ThinManager ThinServer unrestricted upload (ZDI-24-1158)

CVE-2023-45581 | Fortinet FortiClientEMS up to 7.2.2 HTTP privileges management (FG-IR-23-357)

CVE-2024-37316 | Nextcloud Calendar App up to 4.6.7/4.7.1 Event Attachment unexpected data type