In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Authorization Bypass Through User-Controlled Key vulnerabilities in an interactive lesson.
Start learningUpgrade alextselegidis/easyappointments to version 1.6.0 or higher.
alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the appointments/store and appointments/update endpoints. An attacker can manipulate appointment data belonging to other providers by submitting requests with a forged id_users_provider value. This allows unauthorized modification or creation of appointments in another provider's schedule.