Lucene search
K
SweetphpTotalcalendar

7 matches found

CVE
CVE
added 2009/04/24 2:0 p.m.54 views

CVE-2009-1406

TotalCalendar 2.4 is affected by a directory traversal in cms_detect.php: the include parameter is not properly validated, enabling remote attackers to include and execute local files. Exploitation example shown: include=../../../../../../BOOTSECT.BAK. Root cause is unsanitized input used in requ...

6.8CVSS7.3AI score0.01896EPSS
CVE
CVE
added 2010/07/27 6:39 p.m.51 views

CVE-2009-4973

TotalCalendar 2.4 is affected by a SQL injection in rss.php, exploitable via the selectedCal parameter in a SwitchCal action. The vulnerability allows remote attackers to execute arbitrary SQL commands. CVSS v2 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P). Referenced exploit appears at Exploit-DB ...

7.5CVSS8.6AI score0.00947EPSS
CVE
CVE
added 2006/04/20 6:0 p.m.50 views

CVE-2006-1922

CVE-2006-1922 concerns TotalCalendar: PHP remote file inclusion in TotalCalendar’s about.php and auth.php via inc_dir. The root cause is improper handling of the inc_dir URL parameter, allowing arbitrary PHP code execution if an attacker supplies a crafted URL. Affected software is TotalCalendar ...

6.4CVSS7.4AI score0.03EPSS
CVE
CVE
added 2007/02/24 12:0 a.m.50 views

CVE-2006-7055

CVE-2006-7055 describes a PHP remote file inclusion in TotalCalendar 2.30 and earlier. The vulnerability is triggered via the inc_dir parameter in index.php, allowing a remote attacker to cause arbitrary PHP code execution by supplying a URL. This is a separate vector from CVE-2006-1922 and CVE-2...

6.8CVSS7.6AI score0.05575EPSS
CVE
CVE
added 2010/07/27 6:39 p.m.46 views

CVE-2009-4974

TotalCalendar 2.4 is affected by a directory traversal vulnerability in box_display.php that allows remote attackers to read arbitrary files via a .. sequence in the box parameter. The issue is confirmed in multiple feeds (CVE-2009-4974; OpenVAS entry cites TotalCalendar SQL Injection and Directo...

7.5CVSS7.4AI score0.0232EPSS
CVE
CVE
added 2007/07/03 6:0 p.m.42 views

CVE-2007-3515

This CVE-2007-3515 entry describes a SQL injection in view_event.php of TotalCalendar 2.402 and earlier, exploitable via the id parameter to allow remote arbitrary SQL execution. The affected component is the view_event.php script; root cause is improper input handling in the query construction. ...

10CVSS8.4AI score0.01821EPSS
CVE
CVE
added 2010/07/09 5:0 p.m.42 views

CVE-2009-4928

CVE-2009-4928 describes a PHP remote file inclusion vulnerability in TotalCalendar 2.4, where an attacker can cause arbitrary PHP code execution via a URL in the inc_dir parameter of config.php. The entry notes a distinct vector from CVE-2006-1922 and CVE-2006-7055. The provided documents reitera...

7.5CVSS7.7AI score0.01316EPSS