CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments

CVSS 9.1 CRITICALEPSS 38.1%CWE-359

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

alextselegidis · alextselegidis/easyappointments

public PoCs found — 4

githubgithub.com/Acceis/exploit-CVE-2022-0482★ 3 githubgithub.com/mija-pilkaite/CVE-2022-0482_exploit★ 1 cve_referencepacketstormsecurity.com/files/166701/Easy-Appointments-Information-Disclosure.htmlunverified exploitdbwww.exploit-db.com/exploits/50871unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/166701/Easy-Appointments-Information-Disclosure.html https://github.com/alextselegidis/easyappointments/commit/44af526a6fc5e898bc1e0132b2af9eb3a9b2c466 https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26 https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/