Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Circulargenius Flat Calendar多个管理脚本身份认证绕过漏洞
Vulnerability Description
Flat Calendar 1.1版本没有正确的限制对管理函数的访问,这使得远程攻击者可以(1)借助calAdd.php添加新事件(可从admin/add.php中读取)或(2)借助admin/deleteEvent.php删除事件。
CVSS Information
N/A
Vulnerability Type
N/A