CVE-2014-10001

PHPJabbers Appointment Scheduler 2.0 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10001. PoCs published by HackXBack.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Appointment Scheduler V2.0, including XSS, CSRF, and local file disclosure. It provides functional PoC code for each vulnerability, leveraging HTML forms and path traversal techniques.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.

Exploits (1)

exploitdb WORKING POC

by HackXBack · textwebappsphp

https://www.exploit-db.com/exploits/30911

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Appointment Scheduler V2.0, including XSS, CSRF, and local file disclosure. It provides functional PoC code for each vulnerability, leveraging HTML forms and path traversal techniques.

Classification

Working Poc 90%

Attack Type

Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Appointment Scheduler V2.0

No auth needed

Prerequisites: Victim interaction for XSS/CSRF · Network access to the target application

MITRE ATT&CK