CVE-2008-6357

MyCal Personal Events Calendar - Unauthenticated Sensitive Information Exposure via Direct Database Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6357. PoCs published by CoBRa_21.

AI-analyzed exploit summary This exploit discloses the path to the MyCal Personal Events Calendar's database file (mycal.mdb), allowing unauthorized access to sensitive data. The vulnerability is trivially exploited by directly accessing the database file via a predictable URL path.

Description

MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED
by CoBRa_21 · textwebappsasp
https://www.exploit-db.com/exploits/7420

This exploit discloses the path to the MyCal Personal Events Calendar's database file (mycal.mdb), allowing unauthorized access to sensitive data. The vulnerability is trivially exploited by directly accessing the database file via a predictable URL path.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: MyCal Personal Events Calendar
No auth needed
Prerequisites: Network access to the target web server · Knowledge of the application's installation path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7420
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34261
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47266

Scores

EPSS 0.0259
EPSS Percentile 83.2%

Details

CWE
CWE-264
Status published
Products (1)
donnafontenot/mycal_personal_events_calendar
Published Mar 02, 2009
Tracked Since Feb 18, 2026