Vulnerabilities > JCE Tech > PHP Calendars Script

DATE CVE VULNERABILITY TITLE RISK
2010-01-22 CVE-2010-0380 Permissions, Privileges, and Access Controls vulnerability in Jce-Tech PHP Calendars Script
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request.
network
low complexity
jce-tech CWE-264
5.0
5.0
2010-01-21 CVE-2010-0376 Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
network
jce-tech CWE-79
4.3
4.3
2010-01-21 CVE-2010-0375 SQL Injection vulnerability in Jce-Tech PHP Calendars Script
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
network
low complexity
jce-tech CWE-89
7.5
7.5
2009-09-15 CVE-2009-3197 Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.
network
jce-tech CWE-79
4.3
4.3