CVE-2009-4974

HIGH

7.5

CVSS Severity Score

EPSS Score0.0120%

EPSS Percentile21.43th

PublishedJul 28, 2010

Last ModifiedApr 29, 2026

Vulnerability Description

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.

Affected Platforms (CPE)

📦

Sweetphp

Totalcalendar

= 2.4

References & Advisories

🔗 http://www.exploit-db.com/exploits/9524

Related Vulnerabilities

CVE-2007-351510.0

SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL ...

CVE-2009-49287.5

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code v...

CVE-2009-49297.5

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to chang...

CVE-2009-49737.5

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the sele...