Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sweetphp totalcalendar 2.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
Sweetphp Totalcalendar 2.4
NA
CVE-2009-4974
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote malicious users to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote malicious users to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-1406
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
NA
CVE-2009-4929
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote malicious users to change arbitrary passwords via the newPW1 and newPW2 parameters.
Sweetphp Totalcalender 2.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started