CVE-2008-6719

Name of the Vulnerable Software and Affected Versions U&M Software Event Lister (aka JustListIt) version 1.0

Description The issue allows remote attackers to have an unspecified impact due to the lack of administrative authentication for all scripts in the admin/ directory. This can be exploited via a direct request to various API endpoints, including "start.php", "aktivitet.php", "prop aktivitet.php", "kategorier.php", "konfig.php", "security.php", "manual.php", and possibly "index.php".

Recommendations For U&M Software Event Lister (aka JustListIt) version 1.0, consider implementing proper administrative authentication for all scripts in the admin/ directory to prevent unauthorized access. As a temporary workaround, restrict access to the admin/ directory and its scripts, such as "start.php", "aktivitet.php", "prop aktivitet.php", "kategorier.php", "konfig.php", "security.php", "manual.php", and "index.php", to minimize the risk of exploitation.