CSRF in Phpjabbers Event_booking_calendar
CVE-2014-10014
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the adminis…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.020 (77.9th percentile) — read the EPSS interpretation.
Affected products
- Phpjabbers Event_booking_calendar — versions 2.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)