CVE-2014-10014

Published: Jan 13, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.

Affected (1)

Products: Phpjabbers: Event Booking Calendar

1 product

Event Booking Calendar

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpjabbers Event Booking Calendar	Version 2.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/56373

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/90413

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/90414

Source: cve@mitre.org

http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/56373

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/90413

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/90414

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.