Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Booked Scheduler by Twinkle Toes Software
CVE-2020-37077 (GCVE-0-2020-37077)
Vulnerability from nvd – Published: 2026-02-03 22:01 – Updated: 2026-02-04 16:08
VLAI
Title
Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Summary
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48428 | exploit |
| https://www.bookedscheduler.com | product |
| https://web.archive.org/web/20190612055926/https:… | product |
| https://www.vulncheck.com/advisories/booked-sched… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Twinkle Toes Software | Booked Scheduler |
Affected:
2.7.7
|
Date Public
2020-05-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37077",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:08:37.407072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:08:47.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Booked Scheduler",
"vendor": "Twinkle Toes Software",
"versions": [
{
"status": "affected",
"version": "2.7.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Besim ALTINOK"
}
],
"datePublic": "2020-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable \u0027tn\u0027 parameter to read files outside the intended directory by manipulating directory path traversal techniques."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:44.235Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48428",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48428"
},
{
"name": "Booked Scheduler Official Website",
"tags": [
"product"
],
"url": "https://www.bookedscheduler.com"
},
{
"name": "Archived Booked Scheduler SourceForge Page",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20190612055926/https://sourceforge.net/projects/phpscheduleit/"
},
{
"name": "VulnCheck Advisory: Booked Scheduler 2.7.7 - Authenticated Directory Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/booked-scheduler-authenticated-directory-traversal"
}
],
"title": "Booked Scheduler 2.7.7 - Authenticated Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37077",
"datePublished": "2026-02-03T22:01:44.235Z",
"dateReserved": "2026-02-01T13:16:06.485Z",
"dateUpdated": "2026-02-04T16:08:47.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37077 (GCVE-0-2020-37077)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:01 – Updated: 2026-02-04 16:08
VLAI
Title
Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Summary
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48428 | exploit |
| https://www.bookedscheduler.com | product |
| https://web.archive.org/web/20190612055926/https:… | product |
| https://www.vulncheck.com/advisories/booked-sched… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Twinkle Toes Software | Booked Scheduler |
Affected:
2.7.7
|
Date Public
2020-05-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37077",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:08:37.407072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:08:47.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Booked Scheduler",
"vendor": "Twinkle Toes Software",
"versions": [
{
"status": "affected",
"version": "2.7.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Besim ALTINOK"
}
],
"datePublic": "2020-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable \u0027tn\u0027 parameter to read files outside the intended directory by manipulating directory path traversal techniques."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:44.235Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48428",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48428"
},
{
"name": "Booked Scheduler Official Website",
"tags": [
"product"
],
"url": "https://www.bookedscheduler.com"
},
{
"name": "Archived Booked Scheduler SourceForge Page",
"tags": [
"product"
],
"url": "https://web.archive.org/web/20190612055926/https://sourceforge.net/projects/phpscheduleit/"
},
{
"name": "VulnCheck Advisory: Booked Scheduler 2.7.7 - Authenticated Directory Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/booked-scheduler-authenticated-directory-traversal"
}
],
"title": "Booked Scheduler 2.7.7 - Authenticated Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37077",
"datePublished": "2026-02-03T22:01:44.235Z",
"dateReserved": "2026-02-01T13:16:06.485Z",
"dateUpdated": "2026-02-04T16:08:47.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}