4 matches found
Booked Scheduler 2.7.5 - Remote Command Execution Exploit
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581 !/usr/bin/python3...
Booked Scheduler 2.7.5 Shell Upload
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...
CVE-2019-9581
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...
CVE-2019-9581
Booked Scheduler 2.7.5 (phpscheduleit) is vulnerable to arbitrary file upload via the Favicon field. The root cause is that Presenters/Admin/ManageThemePresenter.php does not constrain image file extensions, allowing uploaded content to be executed as PHP code (Web/custom-favicon.php) on the serv...