Vulnerabilities > Twinkletoessoftware

DATE | CVE | VULNERABILITY TITLE | RISK

2023-01-22 | CVE-2023-24058 | Unspecified vulnerability in Twinkletoessoftware Booked 2.5.5 | 4.3
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php.
network, low complexity, twinkletoessoftware

2019-03-06 | CVE-2019-9581 | Unrestricted Upload of File with Dangerous Type vulnerability in Twinkletoessoftware Booked 2.7.5 | 6.5
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
network, low complexity, twinkletoessoftware, CWE-434