2026-02-03 22:01:44
VulnCheck
PUBLISHED
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable tn parameter to read files outside the intended directory by manipulating directory path traversal techniques.