CVE-2020-37077
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Twinkle Toes Software | Booked Scheduler | 2.7.7 | affected |
Weaknesses
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/48428
- https://www.bookedscheduler.com
- https://web.archive.org/web/20190612055926/https://sourceforge.net/projects/phpscheduleit/
- https://www.vulncheck.com/advisories/booked-scheduler-authenticated-directory-traversal
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.