CVE-2008-6736

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
Configurations

Configuration 1

cpe:2.3:a:circulargenius:flat_calendar:1.1:*:*:*:*:*:*:*

Information

Published : 2009-04-21 06:30

Updated : 2018-10-11 08:57


NVD link : CVE-2008-6736

Mitre link : CVE-2008-6736

Products Affected
CWE