cbcvebase.
CVE-2023-24058
published 2023-01-22

CVE-2023-24058: Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE…

PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.85%
53.6th percentile
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.

Affected

1 ranges
VendorProductVersion rangeFixed in
twinkletoessoftwarebooked
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.