CVE-2010-0380

Name of the Vulnerable Software and Affected Versions JCE-Tech PHP Calendars version downloaded 20100121

Description The issue allows remote attackers to bypass intended access restrictions and modify application settings via a direct request to "install.php". This is only considered a problem when the administrator does not follow the recommendations outlined in the product's installation documentation.

Recommendations For the version downloaded 20100121, follow the installation documentation recommendations to prevent exploitation. As a temporary workaround, consider restricting access to the "install.php" file until the issue is properly addressed by following the documentation guidelines.