Vulnerabilities

CVE-2019-9581

by Fred · 05/03/2019

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.

Date published : 2019-03-05

https://www.exploit-db.com/exploits/46486

https://pentest.com.tr/exploits/Booked-2-7-5-Remote-Command-Execution-Metasploit.html

Similar

Tags: Cybersecurity Alert