Totalcalendar@2.4 Security Vulnerabilities and Issues — Totalcalendar@2.4 CVE List

Lucene search

SweetphpTotalcalendar2.4

4 matches found

CVE•added 2009/04/24 2:30 p.m.•41 views

CVE-2009-1406

Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.

6.8CVSS7.3AI score0.01488EPSS

CVE•added 2010/07/28 2:43 p.m.•40 views

CVE-2009-4973

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.

7.5CVSS8.6AI score0.00279EPSS

CVE•added 2010/07/28 2:43 p.m.•37 views

CVE-2009-4974

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.

7.5CVSS7.4AI score0.00908EPSS

CVE•added 2010/07/12 1:27 p.m.•32 views

CVE-2009-4928

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.

7.5CVSS7.7AI score0.15677EPSS