CVE-2020-37077 in Booked Scheduler
Summary
by MITRE • 02/04/2026
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory by manipulating directory path traversal techniques.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/04/2026
The CVE-2020-37077 vulnerability represents a critical directory traversal flaw within the Booked Scheduler 2.7.7 web application that specifically targets the manage_email_templates.php script. This vulnerability fundamentally compromises the application's file system access controls and represents a serious security weakness that can be exploited by authenticated attackers with administrative privileges. The flaw exists due to insufficient input validation and sanitization of the 'tn' parameter, which is used to specify template names within the email template management functionality.
The technical exploitation of this vulnerability occurs through manipulation of the 'tn' parameter in the manage_email_templates.php script, allowing attackers to traverse directory paths beyond the intended scope of file access. This directory traversal technique enables attackers to navigate up the file system hierarchy using sequences like '../' or similar path manipulation methods, thereby accessing files outside the designated template directory. The vulnerability specifically affects the application's handling of template names and file paths, where user-supplied input is directly incorporated into file system operations without proper validation or sanitization mechanisms.
From an operational impact perspective, this vulnerability allows authenticated administrators to access unauthorized files that may contain sensitive information such as database credentials, application configuration files, source code, or other confidential data. The attack vector requires only an authenticated administrative account, making it particularly dangerous as it leverages legitimate administrative privileges to escalate access beyond normal boundaries. This weakness can potentially lead to complete system compromise when combined with other vulnerabilities or when attackers can obtain administrative credentials through social engineering or other means.
The vulnerability aligns with CWE-22, which describes improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal attacks. This classification indicates that the flaw stems from inadequate input validation that fails to properly restrict file system access to authorized directories only. From an adversarial perspective, this vulnerability maps to several ATT&CK techniques including privilege escalation through credential access and defense evasion by allowing attackers to access files that might contain indicators of compromise or system information. The attack surface is particularly concerning as it enables lateral movement within the application's file system and potentially to adjacent systems if the application has access to sensitive data stores.
Organizations should implement immediate mitigations including input validation and sanitization of all user-supplied parameters, particularly those used in file system operations. The most effective remediation involves implementing a whitelist approach for template names and file paths, ensuring that only explicitly allowed values are processed. Additionally, implementing proper access controls and principle of least privilege configurations can limit the impact of such vulnerabilities. Regular security audits and code reviews focusing on file system operations should be conducted to identify similar path traversal vulnerabilities. Application developers should also consider implementing proper error handling and logging mechanisms to detect and respond to suspicious file access patterns. The vulnerability highlights the importance of secure coding practices and proper input validation in preventing directory traversal attacks that can compromise entire application environments.