CVE-2008-6356

evcal_events_calendar - Unauthenticated Sensitive Information Exposure via Direct Database Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6356. PoCs published by Cyber-Zone.

AI-analyzed exploit summary This is a writeup describing a ColdFusion Scripts evCal Events Calendar Remote Database Disclosure Vulnerability (CVE-2008-6356). It provides details about the vulnerability, including the affected software and potential impact, but does not include functional exploit code.

Description

evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cyber-Zone · textwebappsasp
https://www.exploit-db.com/exploits/7419

This is a writeup describing a ColdFusion Scripts evCal Events Calendar Remote Database Disclosure Vulnerability (CVE-2008-6356). It provides details about the vulnerability, including the affected software and potential impact, but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: ColdFusion Scripts evCal Events Calendar
No auth needed
Prerequisites: access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47265
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7419
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34258

Scores

EPSS 0.0259
EPSS Percentile 83.2%

Details

CWE
CWE-264
Status published
Products (1)
donnafontenot/evcal_events_calendar
Published Mar 02, 2009
Tracked Since Feb 18, 2026