Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6736

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-6736
Last Modified 22 Apr 2009 12:00:00
Published 21 Apr 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6736

Summary

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Vulnerable Systems

Application

  • Circulargenius Flat Calendar 1.1


References

XF - flatcalendar-add-deleteevent-security-bypass(43039)

BID - 29662

BUGTRAQ - 20080611 Flat Calendar v1.1 Remote Permission Bypass Vulnerability

OSVDB - 51506


Last Updated: 27 May 2016 10:49:18