GCVE - cpe:2.3:a:jce-tech:php_calendars_script:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:jce-tech:php_calendars_script:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Jce Tech (`7f894f3f-c915-5846-8745-b90eaa4b1b64`)
Product	Php Calendars Script (`6bc924c5-42fe-5798-b0fc-334c40ee7277`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-0380`	vulnerable	2026-06-08 04:52:02.000140	Details available install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. Published: 2010-01-22T21:20:00.000Z Updated: 2024-08-07T00:45:12.147Z Open on db.gcve.eu Reference links http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt http://www.exploit-db.com/exploits/11082	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0376`	vulnerable	2026-06-08 04:52:01.994601	Details available Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375. Published: 2010-01-21T22:00:00.000Z Updated: 2024-08-07T00:45:12.154Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/55517 http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt http://www.securityfocus.com/bid/40391 http://www.exploit-db.com/exploits/11082 http://secunia.com/advisories/38036	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0375`	vulnerable	2026-06-08 04:52:01.994156	Details available SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2010-01-21T22:00:00.000Z Updated: 2024-08-07T00:45:12.156Z Open on db.gcve.eu Reference links http://www.osvdb.org/61617 https://exchange.xforce.ibmcloud.com/vulnerabilities/55518 http://www.exploit-db.com/exploits/11082 http://secunia.com/advisories/38036 http://www.securityfocus.com/bid/40757	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3197`	vulnerable	2026-06-08 04:51:32.805585	Details available Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. Published: 2009-09-15T21:00:00.000Z Updated: 2024-09-17T01:46:08.770Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2009/2441 http://secunia.com/advisories/36484 http://packetstormsecurity.org/0908-exploits/phpcalsearch-xss.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.