CNNVD-202602-248 Information

CNNVD ID

CNNVD-202602-248

Related CVE

CVE-2020-37077

• CNNVD Published: 2026-02-03

Description (Chinese)

Booked Scheduler是Booked公司的一个强大的日程安排解决方案程序。 Booked Scheduler 2.7.7版本存在路径遍历漏洞，该漏洞源于manage_email_templates.php脚本中的tn参数容易受到目录遍历攻击，可能导致读取未授权文件。

Description (English)

Booked Scheduler is a powerful scheduling solution for Booked. Booked Scheduler 2.7.7 has a loophole in its path, which stems from the fact that the tn parameters in the manage email templates.php script are vulnerable to a catalogue attack and may lead to unauthorised documents being read.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Booked

Published

2026-02-03

Last Modified

2026-02-24

References

https://sourceforge.net/projects/phpscheduleit/ https://web.archive.org/web/20190612055926/ https://www.bookedscheduler.com https://www.exploit-db.com/exploits/48428 https://www.vulncheck.com/advisories/booked-scheduler-authenticated-directory-traversal