Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sweetphp totalcalendar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-1922
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote malicious users to execute arbitrary PHP code via a URL in the inc_dir parameter.
Sweetphp Totalcalendar 2.2
Sweetphp Totalcalendar 2.1
Sweetphp Totalcalendar 2.0
1 EDB exploit
NA
CVE-2006-7055
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and previous versions allows remote malicious users to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
Sweetphp Totalcalendar
1 EDB exploit
NA
CVE-2007-3515
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Sweetphp Totalcalendar
1 EDB exploit
NA
CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
Sweetphp Totalcalendar 2.4
NA
CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-1406
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4974
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote malicious users to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4929
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote malicious users to change arbitrary passwords via the newPW1 and newPW2 parameters.
Sweetphp Totalcalender 2.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started