Security Advisory

CVE-2020-37077

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 22:01:44

Last updated 2026-02-04 16:08:47

Assigner VulnCheck

State PUBLISHED

Description

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable tn parameter to read files outside the intended directory by manipulating directory path traversal techniques.

← Browse all CVEs View on cve.org ↗