CVE-2014-10014

Exploit

EPSS 0.85%
Veröffentlicht 13.01.2015 11:59:22
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpjabbers ≫ Event Booking Calendar Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.85%	0.73

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt

Exploit

http://secunia.com/advisories/56373

https://exchange.xforce.ibmcloud.com/vulnerabilities/90413

https://exchange.xforce.ibmcloud.com/vulnerabilities/90414

https://nvd.nist.gov/vuln/detail/CVE-2014-10014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-10014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-10014

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-10014