Brickhost: >> Phpscheduleit >> 1.0 Security Vulnerabilities
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVSS Score
6.8
EPSS Score
0.777
Published
2009-02-13
Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations.
CVSS Score
5.0
EPSS Score
0.004
Published
2004-12-31
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-08-31