CNNVD-202601-2572 Information

CNNVD ID

CNNVD-202601-2572

Related CVE

CVE-2026-23622

• CNNVD Published: 2026-01-15

Description (Chinese)

Easy!Appointments是Alex Tselegidis个人开发者的一套基于Web的预约、日程管理系统。 Easy!Appointments 1.5.2及之前版本存在安全漏洞，该漏洞源于仅对POST请求强制CSRF检查，可能导致跨站请求伪造攻击，包括管理员账户创建和接管。

Description (English)

Easy! Appointments are a Web-based appointment, calendar management system for Alex Tselegidis personal developers. EASY!Appointments 1.5.2 and previous versions contain a security loophole, which stems from the fact that only POST requests for mandatory CSRF inspections may result in cross-site requests for false attacks, including the creation and taking over of administrator accounts.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-54v4-4685-vwrj