CVE-2017-2150

MEDIUM

Booking Calendar <7.0 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.

References (2)

[Third Party Advisory, VDB Entry] http://jvn.jp/en/jp/JVN18739672/index.html

[Release Notes, Vendor Advisory] http://wpbookingcalendar.com/changelog/

Scores

CVSS v3 5.3

EPSS 0.0120

EPSS Percentile 78.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (2)

booking_calendar_project/booking_calendar < 7.0

wpdevelop/Booking Calendar < version 7.0 and earlier

Timeline

Published Apr 28, 2017

Tracked Since Feb 18, 2026