CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4929

HIGH
7.5
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile26.72th
PublishedJul 12, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

Affected Platforms (CPE)

πŸ“¦
Sweetphp

Totalcalender

= 2.4

References & Advisories

πŸ”— http://secunia.com/advisories/34824
πŸ”— http://www.exploit-db.com/exploits/8496
πŸ”— http://www.securityfocus.com/bid/34619
πŸ”— http://secunia.com/advisories/34824
πŸ”— http://www.exploit-db.com/exploits/8496
πŸ”— http://www.securityfocus.com/bid/34619

Related Vulnerabilities

CVE-2009-427310.0

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command...

CVE-2009-049210.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerabilit...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...

CVE-2009-093910.0

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec confor...