CVE-2026-23622
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-04-29
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alextselegidis | easyappointments | up to 1.5.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical Cross-Site Request Forgery (CSRF) issue in Easy!Appointments. The application only enforces CSRF token validation for POST requests, ignoring other HTTP methods like GET. Some endpoints perform state-changing operations via GET parameters without CSRF protection. An attacker can exploit this by tricking an authenticated admin into visiting a malicious page that sends crafted GET requests, allowing actions like creating admin accounts or changing admin credentials without authorization. [1]
How can this vulnerability impact me?
The vulnerability can lead to severe impacts including creation of unauthorized admin accounts, modification of admin emails and passwords, and ultimately full administrative account takeover. This means an attacker can completely compromise the application instance, gaining full control over it. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring HTTP requests to the Easy!Appointments application for state-changing operations performed via GET. Specifically, look for requests to endpoints such as index.php/admins/store, index.php/admins/update, and index.php/account/save that carry their parameters in the URL (values the application reads through $_REQUEST). Tools such as curl or a network monitor can capture and analyze GET requests to these endpoints and help identify potential exploitation attempts. For example, curl -v 'http://yourserver/index.php/admins/store?param=value' tests whether a state change is accepted via GET. Additionally, reviewing server logs for unusual GET requests that modify data can help detect exploitation. [1]
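The log review suggested above, as an added example that is not part of this record or of the Easy!Appointments project: a small Python script that parses combined-format access-log lines, flags GET requests with URL parameters aimed at the three endpoints named above, and marks the hit as cross-site when the Referer points at another host. The log lines, the site host booking.example and the parameter name param are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Endpoints the advisory names as accepting state changes via GET (taken from the record).
STATE_CHANGING_PATHS = (
    "/index.php/admins/store",
    "/index.php/admins/update",
    "/index.php/account/save",
)

# Combined log format (Apache/nginx default); the trailing referer/user-agent pair is optional.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse_line(line):
    """Split one access-log line into fields; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parts.query
    return entry


def is_state_changing_get(entry):
    """A GET with URL parameters aimed at an endpoint that should only ever be POSTed."""
    return (
        entry["method"] == "GET"
        and any(entry["path"].endswith(p) for p in STATE_CHANGING_PATHS)
        and bool(entry["query"])
    )


def is_cross_site(entry, own_host):
    """True when the Referer names another site, the classic CSRF fingerprint.
    A missing Referer ('-') is inconclusive and is not counted here."""
    ref = entry.get("referer")
    if not ref or ref == "-":
        return False
    return urlsplit(ref).netloc.lower() != own_host.lower()


def find_state_changing_gets(lines, own_host):
    """Return the flagged entries, each tagged with whether it looks cross-site."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_state_changing_get(entry):
            entry["cross_site"] = is_cross_site(entry, own_host)
            hits.append(entry)
    return hits


# Constructed sample log lines (not real traffic); hosts and addresses are reserved example values.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2026:10:00:01 +0000] "GET /index.php/admins/store?param=value HTTP/1.1" 200 512 "http://lure.example/page.html" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Jan/2026:10:00:05 +0000] "POST /index.php/admins/store HTTP/1.1" 200 512 "https://booking.example/index.php/backend/users" "Mozilla/5.0"',
    '198.51.100.2 - - [15/Jan/2026:10:01:00 +0000] "GET /index.php/account/save?param=value HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [15/Jan/2026:10:02:00 +0000] "GET /index.php/backend/users HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_state_changing_gets(SAMPLE_LOG, own_host="booking.example"):
        flag = "CROSS-SITE" if hit["cross_site"] else "check"
        print(f'{hit["time"]} {hit["client"]} GET {hit["path"]}?{hit["query"]} -> {hit["status"]} [{flag}]')
```

Of the four constructed lines only the two parameterised GETs are reported; the POST to the same endpoint and the plain GET of a read-only page are not. A response status of 200 or 302 on a flagged line does not by itself prove the change was applied, so confirm against the application's own records before treating a hit as an incident.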
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying a minimal core fix that enforces CSRF token validation for all HTTP methods except those explicitly whitelisted, thereby preventing CSRF attacks via GET requests. Additionally, restrict state-changing operations to appropriate HTTP methods such as POST, PUT, or DELETE. If possible, implement re-authentication or confirmation for critical operations like email or password changes. Setting secure cookie flags such as SameSite, Secure, and HttpOnly is also recommended to enhance security. Since no patched versions are available at the time of the report, these configuration and code changes are essential to reduce risk. [1]
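The three controls above (a method allowlist per endpoint, a CSRF token checked on every non-exempt request regardless of method, and hardened session-cookie flags) as an added example that is not part of this record nor the project's own PHP code or its fix. It is a Python request gate with a hypothetical route table; the three state-changing paths are the ones the record names, while /index.php/backend/users as a read-only page, the exemption list and the cookie name are assumptions for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SAFE_METHODS = frozenset({"GET", "HEAD"})
STATE_CHANGING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})

# Hypothetical route table: each endpoint lists the only methods that may reach it.
# The three state-changing paths are those the advisory names; the read-only page is a stand-in.
ROUTE_METHODS = {
    "/index.php/admins/store": STATE_CHANGING_METHODS,
    "/index.php/admins/update": STATE_CHANGING_METHODS,
    "/index.php/account/save": STATE_CHANGING_METHODS,
    "/index.php/backend/users": SAFE_METHODS,
}

# Explicit exemptions from the token check, as (method, path) pairs: read-only pages that
# must stay reachable from a plain link. Nothing that changes state belongs here.
CSRF_EXEMPT = frozenset({("GET", "/index.php/backend/users")})


@dataclass
class Request:
    method: str
    path: str
    form: dict = field(default_factory=dict)     # body parameters
    headers: dict = field(default_factory=dict)  # e.g. X-CSRF-Token
    query: dict = field(default_factory=dict)    # URL parameters; deliberately never read for the token


def issue_csrf_token(session):
    """Mint a per-session token and keep the reference copy server-side."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def check_request(request, session):
    """Deny-by-default gate to run before any handler; returns (allowed, reason)."""
    method = request.method.upper()
    allowed = ROUTE_METHODS.get(request.path)
    if allowed is None:
        return False, "unknown route"
    # Layer 1: method allowlist. A state-changing endpoint is not reachable via GET,
    # so a crafted URL alone can no longer trigger it.
    if method not in allowed:
        return False, f"{method} not allowed on {request.path}"
    # Layer 2: token check on every remaining request, whatever the method,
    # unless the (method, path) pair is explicitly exempt.
    if (method, request.path) in CSRF_EXEMPT:
        return True, "exempt"
    expected = session.get("csrf_token")
    supplied = request.form.get("csrf_token") or request.headers.get("X-CSRF-Token")
    if not expected or not supplied:
        return False, "missing CSRF token"
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "invalid CSRF token"
    return True, "ok"


def session_cookie_header(name, value, max_age=3600):
    """Set-Cookie value carrying the flags the advisory recommends."""
    return f"{name}={value}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    cases = [
        Request("GET", "/index.php/admins/store", query={"param": "value"}),
        Request("POST", "/index.php/admins/store"),
        Request("POST", "/index.php/admins/store", query={"csrf_token": token}),
        Request("POST", "/index.php/admins/store", form={"csrf_token": token}),
        Request("GET", "/index.php/backend/users"),
    ]
    for req in cases:
        print(req.method, req.path, "->", check_request(req, session))
    print(session_cookie_header("ea_session", "opaque-session-id"))
```

Two design points matter for this particular vector. The token is read only from the request body or a header, never from the URL, so a token that leaks into a query string (and therefore into logs and Referer headers) is worthless to a forger. And the cookie uses SameSite=Strict rather than Lax: Lax still attaches the session cookie to top-level GET navigations, which is exactly how the GET-based CSRF described above is delivered, so with Lax the method allowlist remains the only thing stopping it.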