CVE-2019-9581

Published: 06/03/2019 Updated: 31/03/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary PHP code placed at Web/custom-favicon.php, because Presenters/Admin/ManageThemePresenter.php does not verify that the uploaded file has an image file extension.

Vulnerable Product

twinkletoessoftware booked 2.7.5

Exploits

Booked Scheduler version 275 authenticated remote shell upload exploit ...

Github Repositories

Exploiting Booked Scheduler 2.7.5 - RCE without MSF.

Booked Scheduler 275 - Remote Command Execution Without Metasploit
Dated: 23 Jan 2021 - Author: F-Masood
Description: This is a manual way (without using metasploit) of exploiting the CVE-2019-9581 or EDB-ID:46486 vulnerability.
Need: Just to avoid using MSF, I made this one ;-)
Please note the original credit of finding this vulnerability goes to AKKUS ---> ww