Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sweetphp totalcalendar 2.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-1406
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
Sweetphp Totalcalendar 2.4
NA
CVE-2009-4974
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote malicious users to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4929
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote malicious users to change arbitrary passwords via the newPW1 and newPW2 parameters.
Sweetphp Totalcalender 2.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started