
CVE-2022-1397: Privilege escalation in easyappointments

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.43618%
Published: 5/11/2022
Updated: 2/1/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name                      Ecosystem   Vulnerable Versions   First Patched Version
alextselegidis/easyappointments   composer    <= 1.4.3              (not listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper privilege management in the API authentication flow: authentication was treated as if it were authorization. Before the patch, auth() in Api.php called check_login() to validate the supplied credentials but never examined the role_slug of the user record that check_login() returned, so any account with valid credentials (for example a 'provider') was trusted for every API operation, including admin-only ones. The patch adds an explicit role_slug === DB_SLUG_ADMIN check after the credential check, which is the missing authorization control. The function's location and purpose match the described vulnerability mechanism.
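The following is an added illustrative example, not code from Easy!Appointments or from Miggo. It reduces the auth() flow described above to two self-contained functions: the pre-patch shape, which stops at check_login(), and the patched shape, which also requires the admin role. check_login(), DB_SLUG_ADMIN, the RuntimeException codes and the two sample accounts are assumed stand-ins constructed for this demonstration.

```php
<?php
// Added illustrative example; this is not Easy!Appointments' own code.
// check_login(), DB_SLUG_ADMIN and the account records below are assumed
// stand-ins that mirror the advisory's description of Api.php::auth().

declare(strict_types=1);

const DB_SLUG_ADMIN = 'admin';

/** Constructed sample accounts (not real users); passwords hashed at startup. */
function sample_users(): array
{
    return [
        'alice' => ['role_slug' => 'admin',    'hash' => password_hash('alice-pw', PASSWORD_DEFAULT)],
        'bob'   => ['role_slug' => 'provider', 'hash' => password_hash('bob-pw',   PASSWORD_DEFAULT)],
    ];
}

/**
 * Stand-in for the accounts library's check_login(): verifies the credentials
 * and returns the user record, or null on failure. It establishes identity
 * only; it says nothing about what the account is permitted to do.
 */
function check_login(array $users, string $username, string $password): ?array
{
    $rec = $users[$username] ?? null;
    if ($rec === null || !password_verify($password, $rec['hash'])) {
        return null;
    }
    return ['username' => $username, 'role_slug' => $rec['role_slug']];
}

/** Pre-patch shape: any account that authenticates is let through. */
function auth_before(array $users, string $username, string $password): array
{
    $user = check_login($users, $username, $password);
    if (empty($user)) {
        throw new RuntimeException('Unauthorized', 401);
    }
    // Missing role check: a provider is now trusted for admin-only
    // operations such as creating accounts through the admins endpoint.
    return $user;
}

/** Patched shape: authenticate, then explicitly require the admin role. */
function auth_after(array $users, string $username, string $password): array
{
    $user = check_login($users, $username, $password);
    if (empty($user)) {
        throw new RuntimeException('Unauthorized', 401);
    }
    if ($user['role_slug'] !== DB_SLUG_ADMIN) {
        throw new RuntimeException('Forbidden', 403);
    }
    return $user;
}

// Exercise both variants with an admin, a provider, and a bad password.
$users = sample_users();
$attempts = [['alice', 'alice-pw'], ['bob', 'bob-pw'], ['bob', 'wrong-pw']];

foreach (['auth_before', 'auth_after'] as $fn) {
    foreach ($attempts as [$name, $pw]) {
        try {
            $u = $fn($users, $name, $pw);
            printf("%-11s %-5s -> allowed as %s\n", $fn, $name, $u['role_slug']);
        } catch (RuntimeException $e) {
            printf("%-11s %-5s -> denied (%d %s)\n", $fn, $name, $e->getCode(), $e->getMessage());
        }
    }
}
```

Run it with `php auth_demo.php` (any PHP 7.4+ interpreter). The provider account is the interesting row: auth_before admits it with role_slug 'provider', which is exactly the state the root-cause analysis describes, while auth_after rejects it with 403 even though its credentials are valid. The design point is that a credential check alone can never be the gate for a privileged route; the returned principal's role has to be compared against the role the route requires, and anything that does not match must be denied by default.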


WAF Protection Rules

WAF Rule

The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low-privileged user (e.g. a provider) can create a new admin user via the "/api/v1/admins/" endpoint and take over the sy
