Lucene search
K

4 matches found

0day.today
0day.today
added 2021/12/14 12:0 a.m.307 views

Booked Scheduler 2.7.5 - Remote Command Execution Exploit

Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581 !/usr/bin/python3...

8.8CVSS0.1349EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/14 12:0 a.m.326 views

Booked Scheduler 2.7.5 Shell Upload

Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...

8.8CVSS8.9AI score0.1349EPSS
Exploits4
Cvelist
Cvelist
added 2019/03/06 12:0 a.m.22 views

CVE-2019-9581

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...

8.9AI score0.1349EPSS
Exploits4References4
CVE
CVE
added 2019/03/06 12:0 a.m.58 views

CVE-2019-9581

Booked Scheduler 2.7.5 (phpscheduleit) is vulnerable to arbitrary file upload via the Favicon field. The root cause is that Presenters/Admin/ManageThemePresenter.php does not constrain image file extensions, allowing uploaded content to be executed as PHP code (Web/custom-favicon.php) on the serv...

8.8CVSS8.8AI score0.1349EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder