← voltar
CVE-2020-37077

Booked Scheduler 2.7.7 - Authenticated Directory Traversal

CVSS 6.9 MEDIUMEPSS 0.6%CWE-22
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Twinkle Toes Software · Booked Scheduler

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://web.archive.org/web/20190612055926/https://sourceforge.net/projects/phpscheduleit/https://www.bookedscheduler.comhttps://www.exploit-db.com/exploits/48428https://www.vulncheck.com/advisories/booked-scheduler-authenticated-directory-traversal