27 matches found
CVE-2020-37077
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
CVE-2020-37077 Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
CVE-2020-37077
Booked Scheduler 2.7.7 is affected by a directory traversal vulnerability in the manage_email_templates.php script. Authenticated administrators can use the vulnerable tn parameter to read files outside the intended directory. The underlying cause is improper directory traversal handling. Reporte...
Booked Scheduler Path Traversal Vulnerability
Booked Scheduler is a powerful scheduling solution provided by the Booked company. Version 2.7.7 of Booked Scheduler contains a path traversal vulnerability. This vulnerability stems from the tn parameter in the manage_email_templates.php script, which exposes the script to directory traversal...
PT-2026-5828
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
Booked Scheduler 2.5.15 Cross Site Request Forgery
A cross site request forgery vulnerability exists in Booked Scheduler version 2.5.15. The vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users. This issue is older research added to the archive...
EUVD-2023-28121
Malicious code in bioql PyPI...
CVE-2023-24058
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...
Code injection
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
Booked Scheduler Security Vulnerability
Booked Scheduler is a powerful scheduling solution program from Booked. A security vulnerability exists in Booked Scheduler version 2.5.5. An attacker exploits the vulnerability to create and schedule events for any other user by modifying the userId value...
CVE-2023-24058
The CVE-2023-24058 entry concerns Booked Scheduler 2.5.5 (2014) where an authenticated user can schedule events for another user by modifying the userId in reservation_save.php. The LabArchives Scheduler (2022 feature release) is also affected per linked references. The latest Booked Scheduler ve...
Cross-site Scripting (XSS) - Reflected in effgarces/bookedscheduler
Set up the Booked Scheduler locally. URL like the following: http://192.168.5.5/phpsch/ Attacker 2. Log in as valid user. 3. Make a reservation from the dashboard. 4. Open the information you reserved. URL like the following: http://192.168.5.5/Web/reservation.php?rn=62020af2eee4d833634703 5. The...
Booked Scheduler 2.7.5 - Remote Command Execution Exploit
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tested on: Kali 2021.2 CVE: CVE-2019-9581 #!/usr/bin/python3...
Booked Scheduler 2.7.5 Shell Upload
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tested on: Kali 2021.2 CVE: CVE-2019-9581...