CVE-2008-6736

Name of the Vulnerable Software and Affected Versions: Flat Calendar version 1.1

Description: The issue arises from improper access restrictions to administrative functions. This allows remote attackers to add new events via "calAdd.php" or delete events via "admin/deleteEvent.php". It is noted that this is only a vulnerability if the administrator does not follow the recommendations outlined in the product's security documentation.

Recommendations: For Flat Calendar version 1.1, ensure that administrators follow the security recommendations provided in the product's documentation to mitigate the risk of unauthorized access to administrative functions. As a temporary workaround, consider restricting access to "calAdd.php" and "admin/deleteEvent.php" until proper access controls are implemented.