Vulnerabilities > Twinkletoessoftware > Booked > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-22 | CVE-2023-24058 | Unspecified vulnerability in Twinkletoessoftware Booked 2.5.5 Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. | 4.3 |
2019-03-06 | CVE-2019-9581 | Unrestricted Upload of File with Dangerous Type vulnerability in Twinkletoessoftware Booked 2.7.5 phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension. | 6.5 |