Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-04-21T18:07:00
Updated: 2018-10-11T19:57:01
Reserved: 2009-04-21T00:00:00
Link: CVE-2008-6736
JSON object: View
NVD Information
Status : Modified
Published: 2009-04-21T18:30:00.327
Modified: 2018-10-11T20:57:39.890
Link: CVE-2008-6736
JSON object: View
Redhat Information
No data.
CWE