CVE-2010-0380 - OpenCVE

install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jce-tech	Php Calendars Script

Configuration 1 [-]

cpe:2.3:a:jce-tech:php_calendars_script:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt	Exploit
http://www.exploit-db.com/exploits/11082	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-22T21:20:00

Updated: 2010-06-17T09:00:00

Reserved: 2010-01-22T00:00:00

Link: CVE-2010-0380

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-01-22T22:00:00.693

Modified: 2010-01-25T05:00:00.000

Link: CVE-2010-0380

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-06-17T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt"}, {"name": "11082", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/11082"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt"}, {"name": "11082", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11082"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0380", "datePublished": "2010-01-22T21:20:00", "dateReserved": "2010-01-22T00:00:00", "dateUpdated": "2010-06-17T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}