Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6736


Vulnerability Score 6.4 6.4
CVE Id CVE-2008-6736
Last Modified 22 Apr 2009 12:00:00
Published 21 Apr 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Vulnerable Systems


  • Circulargenius Flat Calendar 1.1


XF - flatcalendar-add-deleteevent-security-bypass(43039)

BID - 29662

BUGTRAQ - 20080611 Flat Calendar v1.1 Remote Permission Bypass Vulnerability

OSVDB - 51506

Last Updated: 27 May 2016 10:49:18