CVE-2014-10014

Phpjabbers Event Booking Calendar - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/30913

References (4)

Scores

EPSS 0.0085
EPSS Percentile 75.0%

Details

CWE
CWE-352
Status published
Products (1)
phpjabbers/event_booking_calendar 2.0
Published Jan 13, 2015
Tracked Since Feb 18, 2026