CVE-2026-23622

High ⚡ Exploit Available
Weakness Type: CWE-352 (Cross-Site Request Forgery)
Published: Jan 15, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3: 8.8
📄 Description (English)

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover.
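To make the described flaw concrete, here is an added Python illustration (not Easy!Appointments code, which is PHP, and not taken from the advisory) of a CSRF check that returns early for every method other than POST, beside a hardened check that enforces the token on every non-safe method and refuses to let safe methods reach state-changing routes at all. The `Request` model, the `csrf_token` parameter and `X-CSRF-Token` header names, and the `STATE_CHANGING_PATHS` set are assumptions of this example; the three paths are the ones named in the detection guidance further down this page. Note that cookie flags such as HttpOnly do not help against this class of bug: the browser still attaches the session cookie to a cross-site GET, so the defence has to live in the server-side check (and, independently, in the SameSite cookie attribute).

```python
"""Added illustration: a POST-only CSRF check beside a hardened one.
Not Easy!Appointments code; names and structure are assumptions for this example."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumed state-changing routes; the paths are the ones this page lists under DETECTION.
STATE_CHANGING_PATHS: Set[str] = {
    "/admin/appointments/save",
    "/admin/users/save",
    "/admin/settings/save",
}


@dataclass
class Request:
    method: str
    path: str
    params: Dict[str, str] = field(default_factory=dict)   # merged query+body, like $_REQUEST
    headers: Dict[str, str] = field(default_factory=dict)
    session_token: Optional[str] = None                     # CSRF token stored in the victim's session


def issue_token() -> str:
    """Per-session random token the server stores and later compares against."""
    return secrets.token_urlsafe(32)


def _token_matches(req: Request) -> bool:
    """Constant-time comparison of the supplied token with the session's token."""
    supplied = req.params.get("csrf_token") or req.headers.get("X-CSRF-Token")
    if not supplied or not req.session_token:
        return False
    return hmac.compare_digest(supplied, req.session_token)


def csrf_verify_post_only(req: Request) -> bool:
    """Weak pattern the advisory describes: anything but POST is waved through."""
    if req.method != "POST":
        return True          # early return: a GET never reaches the token check
    return _token_matches(req)


def csrf_verify_hardened(req: Request) -> bool:
    """Enforce the token on every non-safe method and keep safe methods read-only."""
    if req.method in SAFE_METHODS:
        # A safe method must never mutate state; the route should answer 405 here.
        return req.path not in STATE_CHANGING_PATHS
    return _token_matches(req)


def simulate() -> Dict[str, bool]:
    """Run both checks over constructed requests; keys are human-readable scenarios."""
    tok = issue_token()
    # Cross-site GET forged by a third-party page: no token, but the session cookie rides along.
    forged_get = Request("GET", "/admin/users/save", {"id": "7"}, session_token=tok)
    # Same-site form POST carrying the token the server handed out.
    legit_post = Request("POST", "/admin/users/save", {"csrf_token": tok}, session_token=tok)
    # Cross-site POST without the token.
    forged_post = Request("POST", "/admin/users/save", {"id": "7"}, session_token=tok)
    # Harmless read-only GET.
    read_get = Request("GET", "/admin/users", session_token=tok)
    return {
        "post_only allows forged GET": csrf_verify_post_only(forged_get),
        "hardened allows forged GET": csrf_verify_hardened(forged_get),
        "post_only allows legit POST": csrf_verify_post_only(legit_post),
        "hardened allows legit POST": csrf_verify_hardened(legit_post),
        "post_only allows forged POST": csrf_verify_post_only(forged_post),
        "hardened allows forged POST": csrf_verify_hardened(forged_post),
        "hardened allows read-only GET": csrf_verify_hardened(read_get),
    }


if __name__ == "__main__":
    for scenario, allowed in simulate().items():
        print(f"{scenario}: {allowed}")
```

The only scenario where the two checks disagree is the forged GET: the POST-only check passes it without ever looking at a token, which is exactly the early return the advisory describes. The hardened variant fixes two things at once, enforcing the token on every non-safe method and refusing to serve a state-changing route over a safe one, so that a later developer who adds a new endpoint reading from `$_REQUEST` cannot silently reopen the hole.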

🤖 AI Executive Summary

Easy!Appointments versions 1.5.2 and earlier contain a critical CSRF vulnerability in csrf_verify() that only protects POST requests, allowing attackers to perform state-changing operations via GET requests. This enables unauthorized creation of admin accounts, modification of admin credentials, and complete admin account takeover through crafted links or embedded requests. The vulnerability is actively exploitable and patches are available.

🤖 AI Intelligence Analysis (analyzed: Apr 22, 2026 18:41)
🇸🇦 Saudi Arabia Impact Assessment
Saudi healthcare providers, private clinics, and dental practices using Easy!Appointments for patient scheduling face a critical risk of admin account compromise. Government health facilities under MOH and private-sector clinics could experience service disruption and data breaches. Banking-sector appointment systems and ARAMCO's facility scheduling systems are at risk. Telecom providers (STC, Mobily, Zain) using this platform for customer service appointments could face operational disruption. The vulnerability lets an attacker who holds no credentials of their own take over the application completely, needing only that a logged-in administrator's browser loads a crafted request; this makes it particularly dangerous for organizations handling sensitive patient or customer data under GDPR and Saudi data protection regulations.
🏢 Affected Saudi Sectors
Healthcare (MOH facilities, private clinics, dental practices)
Banking and Financial Services
Energy (ARAMCO, utilities)
Telecommunications (STC, Mobily, Zain)
Government Services
Private Sector Service Providers
⚖️ Saudi Risk Score (AI): 9.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Easy!Appointments instances in your environment and document versions
2. Disable public access to Easy!Appointments if possible or restrict to VPN/internal networks only
3. Review admin account creation logs and audit all admin accounts for unauthorized additions
4. Force password reset for all admin accounts immediately
5. Check email settings and verify no unauthorized email changes were made

PATCHING:
1. Upgrade Easy!Appointments to version 1.5.3 or later immediately
2. Apply patches to all instances including development and staging environments
3. Test functionality thoroughly after patching before production deployment

COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement Web Application Firewall (WAF) rules to block GET requests to sensitive endpoints (admin creation, settings modification)
2. Deploy reverse proxy with CSRF token validation for all state-changing operations
3. Implement strict Content Security Policy (CSP) headers
4. Enable HTTP-only and Secure flags on all cookies
5. Restrict access to Easy!Appointments admin panel to specific IP ranges
6. Implement rate limiting on admin-related endpoints

DETECTION:
1. Monitor for GET requests to /admin/appointments/save, /admin/users/save, /admin/settings/save endpoints
2. Alert on admin account creation events without corresponding login activity
3. Monitor for email configuration changes in application logs
4. Track failed CSRF token validations in web server logs
5. Implement IDS signatures for Easy!Appointments CSRF exploitation patterns
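Detection item 1 above can be implemented directly over web server access logs. The following Python script is an added example (not part of this advisory, and not project code) that parses lines in the Apache/nginx combined log format, flags every GET to the three endpoints named in item 1, and records whether the Referer host is the application's own host. The log lines are constructed samples; the endpoint list is taken from item 1, and the referer heuristic is an assumption of this example (a missing Referer is still reported as cross-site, since a forged request may carry none). The example goes slightly beyond item 1 by separating same-site hits, which are triage noise, from cross-site or referer-less ones, which are the ones worth escalating.

```python
"""Added example: flag GET requests to state-changing Easy!Appointments endpoints
in combined-format access logs. Sample log lines are constructed for this example."""
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Endpoints named in the detection guidance; a real deployment may add more.
SENSITIVE_PATHS = (
    "/admin/appointments/save",
    "/admin/users/save",
    "/admin/settings/save",
)

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log; hosts and addresses are documentation ranges, not real systems.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2026:10:03:11 +0300] "GET /index.php/booking HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jan/2026:10:03:40 +0300] "POST /admin/users/save HTTP/1.1" 200 88 "https://sched.example/admin/users" "Mozilla/5.0"
198.51.100.23 - - [15/Jan/2026:10:05:02 +0300] "GET /admin/users/save?id=7 HTTP/1.1" 200 88 "https://third-party.example/page.html" "Mozilla/5.0"
198.51.100.23 - - [15/Jan/2026:10:05:03 +0300] "GET /admin/settings/save?id=1 HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jan/2026:10:06:00 +0300] "GET /admin/users HTTP/1.1" 200 4096 "https://sched.example/admin" "Mozilla/5.0"
203.0.113.7 - - [15/Jan/2026:10:06:30 +0300] "GET /admin/appointments/save?id=3 HTTP/1.1" 200 88 "https://sched.example/admin/appointments" "Mozilla/5.0"
garbage line that does not match the format
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_sensitive(path: str) -> bool:
    """True for the listed state-changing endpoints (exact match or sub-path)."""
    return any(path == p or path.startswith(p + "/") for p in SENSITIVE_PATHS)


def referer_host(referer: str) -> Optional[str]:
    """Hostname of the Referer header, or None when the header is absent ("-")."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).hostname


def find_get_to_sensitive(lines: Iterable[str], own_host: str) -> List[Dict[str, object]]:
    """Collect every GET to a sensitive path; mark it cross_site unless the Referer is own_host."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = urlsplit(rec["target"]).path      # drop the query string before matching
        if rec["method"] != "GET" or not is_sensitive(path):
            continue
        host = referer_host(rec["referer"])
        alerts.append({
            "ip": rec["ip"],
            "timestamp": rec["ts"],
            "path": path,
            "status": int(rec["status"]),
            "referer_host": host,
            "cross_site": host != own_host,      # None (no Referer) counts as suspicious
        })
    return alerts


if __name__ == "__main__":
    for alert in find_get_to_sensitive(SAMPLE_LOG.splitlines(), "sched.example"):
        flag = "CROSS-SITE" if alert["cross_site"] else "same-site"
        print(f"{alert['timestamp']} {alert['ip']} GET {alert['path']} [{flag}]")
```

Run it against a real access log by replacing `SAMPLE_LOG.splitlines()` with the file's lines and `"sched.example"` with the scheduler's public hostname. A 200 response on a flagged line is the signal that matters: on an unpatched instance the request succeeded, so the audit of admin accounts and email settings in the IMMEDIATE ACTIONS list should follow for that time window.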
🔧 Remediation Steps (Arabic, translated)
IMMEDIATE ACTIONS:
1. Identify all Easy!Appointments instances in your environment and document their versions
2. Disable public access to Easy!Appointments if possible, or restrict it to internal networks/VPN only
3. Review admin account creation logs and audit all admin accounts for unauthorized additions
4. Force a password reset for all admin accounts immediately
5. Check the email settings and verify that no unauthorized email changes were made

PATCHING:
1. Upgrade Easy!Appointments to version 1.5.3 or later immediately
2. Apply the patches to all instances, including development and testing environments
3. Test functionality carefully after patching, before deploying to production

COMPENSATING CONTROLS (if immediate patching is not possible):
1. Implement Web Application Firewall (WAF) rules to block GET requests to sensitive endpoints
2. Deploy a reverse proxy with CSRF token validation for all state-changing operations
3. Implement strict Content Security Policy (CSP) headers
4. Enable the HTTP-only and Secure flags on all cookies
5. Restrict access to the Easy!Appointments admin panel to specific IP ranges
6. Implement rate limiting on admin-related endpoints

DETECTION:
1. Monitor GET requests to sensitive endpoints
2. Alert on admin account creation events without corresponding login activity
3. Monitor email configuration changes in application logs
4. Track CSRF token validation failures in web server logs
5. Implement IDS signatures for CSRF exploitation patterns in Easy!Appointments
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
5.1 - Access Control and Authentication
5.2 - Authorization and Access Rights Management
6.1 - Security of Data in Transit
6.2 - Security of Data at Rest
7.1 - Incident Detection and Response
8.1 - Security Awareness and Training
🔵 SAMA CSF
Governance - Risk Management Framework
Protective - Access Control
Protective - Data Protection
Responsive - Incident Response
Responsive - Business Continuity
🟡 ISO 27001:2022
A.5.1 - Policies for information security
A.5.2 - Information security roles and responsibilities
A.6.1 - Screening
A.8.1 - User endpoint devices
A.8.2 - Privileged access rights
A.8.3 - Information access restriction
A.13.1 - Network security perimeter
A.14.1 - Information security requirements analysis and specification
🟣 PCI DSS v4.0.1
Requirement 6.5.9 - Protection against CSRF attacks
Requirement 7.1 - Limit access to system components
Requirement 8.1 - Assign unique ID to each person
Requirement 8.2 - Ensure proper user authentication
📦 Affected Products / CPE (1 entry)
easyappointments:easy\!appointments
📊 CVSS Score: 8.8 / 10.0 (High)
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: N (None)
User Interaction: R (Required)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: H (High)
Availability: H (High)
📋 Quick Facts
Severity: High
CVSS Score: 8.8
CWE: CWE-352
EPSS: 0.01%
Exploit: ✓ Yes
Patch: ✓ Yes
Published: 2026-01-15
Source Feed: nvd
🇸🇦 Saudi Risk Score: 9.2 / 10.0
Priority: CRITICAL
🏷️ Tags: exploit-available, CWE-352