PT-2026-58070 · Unknown · Easyappointments
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-55651
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Easy!Appointments versions prior to 1.6.0
Description
An excessive data exposure issue in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. An attacker can use these hashes to modify or delete appointments of other providers, leading to an appointments takeover.
Recommendations
Update to version 1.6.0.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easyappointments