-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| alextselegidis/easyappointments | composer | <= 1.4.3 |
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability was patched by adding role-based access control checks in the get_calendar_appointments method. The commit diff shows the original implementation did not filter appointments/unavailabilities by the current user's permissions. The function returned all entries regardless of ownership, enabling cross-provider data exposure. The added code in the patch explicitly filters results based on session user ID and role (provider/secretary), confirming this was the vulnerable entry point.
Ongoing coverage of React2Shell