Circulargenius » Flat Calendar : Security Vulnerabilities, CVEs,
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
Max CVSS
6.4
EPSS Score
2.18%
Published
2009-04-21
Updated
2018-10-11
1 vulnerabilities found