Booked

Booked is vulnerable to RCE

May require admin level user to exploit

Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)Exploit Database

Usage : python exploit.py https://target:port username password

This version of the exploit works well

GitHub - hacknotes/Booked-Scheduler-v2.7.5-Remote-Command-Execution: Booked Scheduler v2.7.5 (Authenticated) RCE exploit implemented in Python 3GitHub

Practice boxes

Offsec Proving Grounds - Zino