Vulnerability Details : CVE-2023-24058
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.
Products affected by CVE-2023-24058
- cpe:2.3:a:twinkletoessoftware:booked:2.5.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-24058
- 0.20%: Probability of exploitation activity in the next 30 days
- ~58%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-24058
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
References for CVE-2023-24058
- https://github.com/LibreBooking/app/blob/0a6cb1a9eb84835553c8caf93db2791f8655140f/Pages/Ajax/ReservationSavePage.php#L234-L237
  app/ReservationSavePage.php at 0a6cb1a9eb84835553c8caf93db2791f8655140f · LibreBooking/app · GitHub [Exploit; Third Party Advisory]
- https://www.bookedscheduler.com/the-future-of-booked/
  Big Changes for Booked Scheduler – Booked [Vendor Advisory]
- https://s1n1st3r.gitbook.io/theb10g/booked-scheduler-v2.5.5-vulnerability
  Booked v2.5.5/LabArchives Scheduler Vulnerability - theB10G [Exploit; Third Party Advisory]
- https://github.com/LibreBooking/app/tags?after=2.7.1
  Tags · LibreBooking/app · GitHub [Third Party Advisory]
- https://www.labarchives.com/labarchives-knowledge-base/2022-feature-releases-2/
  2022 Feature Releases - LabArchives [Release Notes; Vendor Advisory]
- https://github.com/LibreBooking/app/blob/0a6cb1a9eb84835553c8caf93db2791f8655140f/Web/ajax/reservation_save.php
  app/reservation_save.php at 0a6cb1a9eb84835553c8caf93db2791f8655140f · LibreBooking/app · GitHub [Exploit; Third Party Advisory]
- https://www.limswiki.org/index.php/Booked
  Booked - LIMSWiki [Third Party Advisory]