74 matches found
CVE-2020-37077
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
CVE-2020-37077
Booked Scheduler 2.7.7 is affected by a directory traversal vulnerability in the manage_email_templates.php script. Authenticated administrators can use the vulnerable tn parameter to read files outside the intended directory. The underlying cause is improper directory traversal handling. Reporte...
CVE-2020-37077 Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
CVE-2020-37077 Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manageemailtemplates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
PT-2026-5828
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage email templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating...
Booked Scheduler 路径遍历漏洞
Booked Scheduler is a powerful scheduling solution provided by the Booked company. Version 2.7.7 of Booked Scheduler contains a path traversal vulnerability. This vulnerability stems from the tn parameter in the manageemailtemplates.php script, which exposes the script to directory traversal...
Booked Scheduler 2.5.15 Cross Site Request Forgery
A cross site request forgery vulnerability exists in Booked Scheduler version 2.5.15. The vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users. This issue is older research added to the archive...
WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booked versions = 3.0.0...
PT-2026-2166
Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.47 Description The software contains a stored cross-site scripting issue that permits authenticated attackers to inject malicious JavaScript. This is achieved by importing a specially crafted options file...
EUVD-2025-14959
Malicious code in bioql PyPI...
EUVD-2022-52536
Malicious code in bioql PyPI...
EUVD-2022-39112
Malicious code in bioql PyPI...
EUVD-2023-28121
Malicious code in bioql PyPI...
CVE-2023-24058
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservationsave.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler Sep 6, 2022 Feature...
CVE-2022-30706
Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
CVE-2022-36399
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n/a before 2.4.4...
CVE-2025-22634
Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...
CVE-2025-22634
Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...
CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a...
CVE-2025-22634 WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPres...