Cyber Posture

CVE-2024-57602

Critical · Public PoC

Published: 12 February 2025
Modified: 18 March 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0110 (78.1st percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.

Security Summary

CVE-2024-57602 is a privilege escalation vulnerability in Alex Tselegidis EasyAppointments version 1.5.0. The flaw exists in the index.php file, allowing a remote attacker to improperly elevate their access level. It has been assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management), though additional CWE details are unavailable from NVD.

The vulnerability can be exploited by any remote attacker with network access, requiring no authentication privileges, low complexity, and no user interaction. Successful exploitation enables the attacker to gain elevated privileges, resulting in high impacts across confidentiality, integrity, and availability, potentially allowing full compromise of the affected EasyAppointments instance.

Mitigation details are available in the advisory published at https://hkohi.ca/vulnerability/12, which was referenced alongside the CVE disclosure on 2025-02-12. Security practitioners should consult this source for patching instructions or workarounds specific to EasyAppointments v1.5.0.

Details

CWE(s)
NVD-CWE-noinfo, CWE-269

Affected Products

Vendor: easyappointments
Product: easyappointments
Version: 1.5.0
