PT-2024-12681 · Easyappointments+1 · Alextselegidis/Easyappointments+1

Jay Chen

Published

2024-07-09

Updated

2024-08-26

CVE-2023-38047

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description A BOLA vulnerability in the "GET, PUT, DELETE /categories/{categoryId}" endpoint allows a low-privileged user to fetch, modify, or delete the category of any user, including admin. This results in unauthorized access and unauthorized data manipulation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2023-38047

Affected Products

Alextselegidis/Easyappointments

Easyappointments

PT-2024-12681 · Easyappointments+1 · Alextselegidis/Easyappointments+1

CVE-2023-38047

Weakness Enumeration

Related Identifiers

Affected Products

References · 7