alextselegidis/easyappointments is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to private information such as the name, email, phone, address, and hashed password of all customers with active appointments in the system. Using the index.php/appointments/index/ endpoint, attackers are also able to delete appointments and compromise the integrity of the system.
packetstormsecurity.com/files/166701/Easy-Appointments-Information-Disclosure.html
github.com/alextselegidis/easyappointments/commit/44af526a6fc5e898bc1e0132b2af9eb3a9b2c466
github.com/alextselegidis/easyappointments/commit/bb71c9773627dace180d862f2e258a20df84f887
github.com/alextselegidis/easyappointments/issues/1208
huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26
opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/