CVE-2023-3287 - Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary
A BOLA (Broken Object Level Authorization) vulnerability in POST /admins allows a low-privileged user to create a high-privileged user (admin) in the system, resulting in privilege escalation.