DATE: 2019-03-06
CVE: CVE-2019-9581
VULNERABILITY TITLE: Unrestricted Upload of File with Dangerous Type vulnerability in Twinkletoessoftware Booked 2.7.5
RISK: 6.5 (network, low complexity)
Vendor: twinkletoessoftware
CWE: CWE-434

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.