Vulnerabilities > Twinkletoessoftware

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-01-22 | CVE-2023-24058 | Unspecified vulnerability in Twinkletoessoftware Booked 2.5.5 | Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. | network, low complexity, twinkletoessoftware | 4.3 |
| 2022-07-26 | CVE-2022-30706 | Open Redirect vulnerability in Twinkletoessoftware Booked | Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | network, low complexity, twinkletoessoftware, CWE-601 | 6.1 |
| 2019-03-06 | CVE-2019-9581 | Unrestricted Upload of File with Dangerous Type vulnerability in Twinkletoessoftware Booked 2.7.5 | phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. | network, low complexity, twinkletoessoftware, CWE-434 | 8.8 |