CVE-2023-24058
Summary
| CVE | CVE-2023-24058 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-22 06:15:00 UTC |
| Updated | 2023-01-31 18:15:00 UTC |
| Description | Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Twinkletoessoftware | Booked | 2.5.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2022 Feature Releases - LabArchives | MISC | www.labarchives.com | |
| app/ReservationSavePage.php at 0a6cb1a9eb84835553c8caf93db2791f8655140f · LibreBooking/app · GitHub | MISC | github.com | |
| Tags · LibreBooking/app · GitHub | MISC | github.com | |
| Booked - LIMSWiki | MISC | www.limswiki.org | |
| Booked Scheduler v2.5.5 Vulnerability - theB10G | MISC | s1n1st3r.gitbook.io | |
| Big Changes for Booked Scheduler – Booked | MISC | www.bookedscheduler.com | |
| app/reservation_save.php at 0a6cb1a9eb84835553c8caf93db2791f8655140f · LibreBooking/app · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.