PT-2025-6751 · Alextselegidis · Easyappointments

0Xhamy

·

Published

2025-02-12

·

Updated

2025-02-24

·

CVE-2024-57602

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Alex Tselegidis EasyAppointments version 1.5.0
Description An issue in Alex Tselegidis EasyAppointments allows a remote attacker to escalate privileges via the "index.php" file.
Recommendations For version 1.5.0, consider restricting access to the "index.php" file as a temporary workaround until a patch is available.

Exploit

Fix

Improper Privilege Management

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-307

Related Identifiers

CVE-2024-57602
GHSA-8FC2-FHH6-F6M5

Affected Products

Easyappointments