CVE

Id
36853  
CVE No.
CVE-2008-6736  
Status
Candidate  
Description
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product"s security documentation.  
Phase
Assigned (20090421)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
401331 36853 CVE-2008-6736 BUGTRAQ:20080611 Flat Calendar v1.1 Remote Permission Bypass Vulnerability  View
401332 36853 CVE-2008-6736 URL:http://www.securityfocus.com/archive/1/archive/1/493278/100/0/threaded  View
401333 36853 CVE-2008-6736 BID:29662  View
401334 36853 CVE-2008-6736 URL:http://www.securityfocus.com/bid/29662  View
401335 36853 CVE-2008-6736 OSVDB:51506  View
401336 36853 CVE-2008-6736 URL:http://osvdb.org/51506  View
401337 36853 CVE-2008-6736 XF:flatcalendar-add-deleteevent-security-bypass(43039)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
43265 JVNDB-2009-004272 HoMaP-CMS における PHP リモートファイルインクルージョンの脆弱性 HoMaP-CMS の html/admin/modules/plugin_admin.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2008-6740 36853 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004272.html  View