Vulmon
sweetphp totalcalendar vulnerabilities and exploits
NA
CVE-2006-1922
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote malicious users to execute arbitrary PHP code via a URL in the inc_dir parameter.
Sweetphp Totalcalendar 2.2
Sweetphp Totalcalendar 2.0
Sweetphp Totalcalendar 2.1
1 EDB exploit
NA
CVE-2007-3515
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Sweetphp Totalcalendar
1 EDB exploit
NA
CVE-2006-7055
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and previous versions allows remote malicious users to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
Sweetphp Totalcalendar
1 EDB exploit
NA
CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
Sweetphp Totalcalendar 2.4
NA
CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4974
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote malicious users to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-1406
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4929
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote malicious users to change arbitrary passwords via the newPW1 and newPW2 parameters.
Sweetphp Totalcalender 2.4
1 EDB exploit