Improper Access Control in Easy!Appointments v1.4.3

CVE ID

CVE-2023-2104

Description

It was discovered that improper access control in the application allows one provider to view and edit other providers’ appointment details.

Tested Versions

v1.4.3

Details

Easy!Appointments is a highly customizable web application that allows customers to book appointments through a web interface. It is an open source project that can be downloaded and installed for commercial use.

Timeline

  • 2023-03-15 - Vendor Disclosure
  • 2023-04-15 - Vendor Patched
  • 2023-04-15 - Public Release

Credit

Discovered by Tan Inn Fung of Govtech.