CVE-2020-37077

MEDIUM

Booked Scheduler 2.7.7 - Path Traversal

Title source: llm

Description

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.

Exploits (1)

exploitdb WORKING POC

by Besim · textwebappsphp

https://www.exploit-db.com/exploits/48428

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48428

[Various Sources] https://www.bookedscheduler.com

[Product] https://web.archive.org/web/20190612055926/https://sourceforge.net/projects/phpscheduleit/

[Third Party Advisory] https://www.vulncheck.com/advisories/booked-scheduler-authenticated-directory-traversal

Scores

CVSS v3 6.5

EPSS 0.0020

EPSS Percentile 42.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

Twinkle Toes Software/Booked Scheduler 2.7.7

Published Feb 03, 2026

Tracked Since Feb 18, 2026