Security Advisory

CVE-2019-9581

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-06 00:00:00

Last updated 2024-08-04 21:54:44

Assigner mitre

State PUBLISHED

Description

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.

← Browse all CVEs View on cve.org ↗