CVE-2022-0482

CRITICAL EXPLOITED NUCLEI

GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure

Exploitation Summary

CVE-2022-0482 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Alexandre ZANNI, Acceis, mija-pilkaite. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit targets an information disclosure vulnerability in Easy Appointments < 1.4.3, allowing unauthenticated access to private personal information (PII) via an API endpoint. It fetches a CSRF token and then queries the backend API to retrieve calendar events within a specified date range.

Description

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

Exploits (3)

exploitdb WORKING POC
by Alexandre ZANNI · ruby · webapps · php
https://www.exploit-db.com/exploits/50871

This exploit targets an information disclosure vulnerability in Easy Appointments < 1.4.3, allowing unauthenticated access to private personal information (PII) via an API endpoint. It fetches a CSRF token and then queries the backend API to retrieve calendar events within a specified date range.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Easy Appointments < 1.4.3
No auth needed
Prerequisites: Target URL · Network access to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by Acceis · poc
https://github.com/Acceis/exploit-CVE-2022-0482

This is a functional exploit for CVE-2022-0482, an unauthenticated PII disclosure vulnerability in Easy!Appointments < 1.4.3. The script queries the API to retrieve sensitive appointment data, including customer and provider details.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Easy!Appointments < 1.4.3
No auth needed
Prerequisites: Target URL · Optional date range parameters
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by mija-pilkaite · infoleak
https://github.com/mija-pilkaite/CVE-2022-0482_exploit

This repository contains a functional Python exploit for CVE-2022-0482, an Incorrect Authorization vulnerability in Easy!Appointments versions prior to 1.4.3. The exploit leverages a missing authentication check on the `/index.php/backend_api/ajax_get_calendar_events` endpoint to retrieve sensitive appointment data.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Easy!Appointments < 1.4.3
No auth needed
Prerequisites: Network access to the target application · CSRF token extraction from an initial GET request
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Easy!Appointments <1.4.3 - Broken Access Control
CRITICAL · by francescocarlucci, opencirt

Scores

CVSS v3: 9.1
EPSS: 0.9079
EPSS Percentile: 99.6%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

VulnCheck KEV: 2023-11-17
CWE: CWE-359, CWE-863
Status: published
Products (2)
alextselegidis/easyappointments 0 - 1.4.3 (Packagist)
easyappointments/easyappointments < 1.4.3
Published: Mar 09, 2022
Tracked Since: Feb 18, 2026