CVE-2008-6736

Flat Calendar 1.1 - Unauthenticated Event Addition and Deletion via Admin Functions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6736. PoCs published by Crackers_Child.

AI-analyzed exploit summary: The provided text describes an authentication bypass vulnerability in Flat Calendar 1.1, where unauthenticated access to admin endpoints can lead to unauthorized configuration changes. No actual exploit code is present, only a description and example URLs.

Description

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Crackers_Child · text · webapps · php
https://www.exploit-db.com/exploits/31908


Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: Flat Calendar 1.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29662
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43039
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493278/100/0/threaded
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/51506

Scores

EPSS 0.0220
EPSS Percentile 80.2%

Details

CWE CWE-264
Status published
Products (1)
circulargenius/flat_calendar 1.1
Published Apr 21, 2009
Tracked Since Feb 18, 2026