Jax Calendar 1.34 Remote Admin Access Exploit

vendor:

Jax Calendar

by:

Sora

7.5

CVSS

HIGH

Remote Admin Access

264

CWE

Product Name: Jax Calendar

Affected Version From: 1.34

Affected Version To: 1.34

Patch Exists: NO

Related CWE: N/A

CPE: a:jtr:jax_calendar:1.34

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Vista and Linux (Backtrack 3)

2009

Jax Calendar 1.34 Remote Admin Access Exploit

Jax Calendar 1.34 suffers a remote admin access vulnerability. A POC is provided which involves accessing the calendar.admin.php file with a cal_id parameter set to 0 and a language parameter set to english.

Mitigation:

Add calendar.admin.php to your .htaccess file.

Source

Jax Calendar 1.34 Remote Admin Access Exploit

Mitigation:

Exploit-DB raw data: