CVE-2008-6356

Name of the Vulnerable Software and Affected Versions: evCal Events Calendar (affected versions not specified)

Description: The issue concerns the storage of sensitive information under the web root with insufficient access control. This allows remote attackers to download a database containing usernames and passwords via direct requests to API endpoints such as "/evcal.mdb" and "/evcal97.mdb".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.