CVE-2022-0482

This exploit targets an information disclosure vulnerability in Easy Appointments < 1.4.3, allowing unauthenticated access to private personal information (PII) via an API endpoint. It fetches a CSRF token and then queries the backend API to retrieve calendar events within a specified date range.

This is a functional exploit for CVE-2022-0482, an unauthenticated PII disclosure vulnerability in Easy!Appointments < 1.4.3. The script queries the API to retrieve sensitive appointment data, including customer and provider details.

This repository contains a functional Python exploit for CVE-2022-0482, an Incorrect Authorization vulnerability in Easy!Appointments versions prior to 1.4.3. The exploit leverages a missing authentication check on the `/index.php/backend_api/ajax_get_calendar_events` endpoint to retrieve sensitive appointment data.