Jax Calendar v1.0 - v1.34 Admin Bypass

2018.08.03
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

------------------------------------------- Admin Bypass In Jax Calendar v1.0 - v1.34 By SonnySpooks ------------------------------------------- 1. [About App] ------------------------------------------- Jax Calendar is a popular calendar app used on Various sites. ------------------------------------------- 2. [Issue With It] The /admin directory requires no Login or Verification ------------------------------------------- 3. [Replication of attack] ------------------------------------------- http://www.salikum.de/modul/news/admin/?language=english http://www.bikersmechanic.de/apportal-3/calendar/admin/?language=english ------------------------------------------- ________ /\ \ / \ \ / \ \ / \_______\ \ / / ___\ / ____/___ /\ \ / /\ \ / \ \/___/ \ \ / \ \ \ \ / \_______\ \_______\ \ / / / / \ / / / / \ / /\ / / \/_______/ \/_______/ -------------------------------------------


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top