Easy!Appointments Booking Logic Flaw Leading to Denial-of-Service

Vulnerability

A booking logic vulnerability has been identified in Easy!Appointments version 1.5.1. This flaw allows unauthenticated attackers to create appointments with excessively long durations. As a result, the vulnerability disrupts normal scheduling by blocking all future booking availability, effectively causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition by blocking future booking availability.

Reproduction

To reproduce this vulnerability, intercept an appointment booking request and locate the 'post_data[appointment][end_datetime]' parameter in the request body. Modify this parameter to a date far in the future and send the request. The application will accept the long booking, which blocks all future availability.

Remediation

Users can update to Easy!Appointments version 1.6.0 or later, where this vulnerability has been addressed.
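For operators who ran an affected version, the following added example (not code from Easy!Appointments and not the project's actual fix) shows a server-side duration check and an audit pass that flags stored appointments whose length does not match the booked service. The record layout, field names, timestamp format and sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the booking fields


def check_booking(start_raw, end_raw, service_minutes, tolerance_minutes=0):
    """Return None if the client-supplied end matches the service duration,
    otherwise a short reason string."""
    try:
        start = datetime.strptime(start_raw, FMT)
        end = datetime.strptime(end_raw, FMT)
    except (TypeError, ValueError):
        return "unparseable datetime"
    if end <= start:
        return "end is not after start"
    expected = timedelta(minutes=service_minutes)
    if abs((end - start) - expected) > timedelta(minutes=tolerance_minutes):
        return f"duration {end - start} does not match service duration {expected}"
    return None


def audit(appointments, services):
    """Return (appointment id, reason) for stored records that fail the check."""
    findings = []
    for appt in appointments:
        minutes = services.get(appt["service_id"])
        if minutes is None:
            findings.append((appt["id"], "unknown service"))
            continue
        reason = check_booking(appt["start"], appt["end"], minutes)
        if reason:
            findings.append((appt["id"], reason))
    return findings


# Constructed sample data (not from a real installation): service id -> minutes.
SERVICES = {1: 30, 2: 60}
APPOINTMENTS = [
    {"id": 101, "service_id": 1, "start": "2025-06-10 09:00:00", "end": "2025-06-10 09:30:00"},
    {"id": 102, "service_id": 2, "start": "2025-06-10 10:00:00", "end": "2035-06-10 10:00:00"},
    {"id": 103, "service_id": 1, "start": "2025-06-11 14:00:00", "end": "2025-06-11 13:00:00"},
]

if __name__ == "__main__":
    for appt_id, reason in audit(APPOINTMENTS, SERVICES):
        print(appt_id, reason)
```

Records flagged by the audit should be reviewed and removed to restore availability after upgrading.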

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.