Cross-Site Request Forgery Vulnerabilities in PHPJabbers Event Booking Calendar
CVE-2014-10014
Currently unrated
What is CVE-2014-10014?
PHPJabbers Event Booking Calendar version 2.0 is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities. Attackers can exploit these weaknesses to hijack the administrator's authentication. For instance, they can change admin credentials through an update action targeting the AdminOptions controller. The vulnerabilities also facilitate cross-site scripting (XSS) attacks through the event_title parameter in the AdminEvents controller or the category_title parameter in the AdminCategories controller, which poses significant security risks.
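The two controls whose absence the description above implies, a per-session anti-CSRF token on state-changing admin requests and HTML encoding of stored titles, shown in PHP as an added example. This is not PHPJabbers code: the function names, the csrf_token field name and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; hypothetical helpers, not taken from the product.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session token. */
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

/** Gate for a state-changing admin action such as an options update. */
function handle_admin_update(string $method, array $session, array $post): int
{
    if ($method !== 'POST' || !csrf_valid($session, $post)) {
        return 403; // request did not originate from the application's own form
    }
    // The actual update would be applied here.
    return 200;
}

/** Encode a stored title (e.g. event_title, category_title) for HTML output. */
function render_title(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data.
$session = [];
$token   = csrf_token($session);

echo handle_admin_update('POST', $session, ['password' => 'new']), "\n"; // token missing
echo handle_admin_update('GET', $session, ['csrf_token' => $token]), "\n"; // wrong method
echo handle_admin_update('POST', $session, ['password' => 'new', 'csrf_token' => $token]), "\n";
echo render_title('Summer <b>Gala</b> & "Friends"'), "\n";
```

The token has to be embedded in every admin form that changes state, and the encoding has to be applied wherever a title is written into HTML, not only where it is saved.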