Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-9581

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.179
EPSS Ranking 94.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2019-9581


Contact Us

Shodan ® - All rights reserved