Medium severity6.5NVD Advisory· Published Feb 3, 2026· Updated Apr 15, 2026
CVE-2020-37077
CVE-2020-37077
Description
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =2.7.7
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.