Описание
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:twinkletoessoftware:booked:2.5.5:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00481
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014.
EPSS
Процентиль: 65%
0.00481
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284