漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Easy!Appointments Vulnerable to Appointments Takeover via Excessive Data Exposure
Vulnerability Description
Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointments of other providers, resulting in an Appointments Takeover. Version 1.6.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Alex Tselegidis Easy!Appointments 信息泄露漏洞
Vulnerability Description
Alex Tselegidis Easy!Appointments是Alex Tselegidis个人开发者的一个在线预约系统。 Alex Tselegidis Easy!Appointments 1.5.2版本存在信息泄露漏洞,该漏洞源于客户搜索端点数据过度暴露,可能导致已认证用户获取其他用户的预约散列值,进而修改或删除其他提供者的预约,造成预约接管。
CVSS Information
N/A
Vulnerability Type
N/A