CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3515

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile2.21th
PublishedJul 3, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Platforms (CPE)

πŸ“¦
Sweetphp

Totalcalendar

<= 2.402

References & Advisories

πŸ”— http://osvdb.org/36337
πŸ”— http://secunia.com/advisories/25899
πŸ”— http://www.securityfocus.com/bid/24716
πŸ”— http://www.vupen.com/english/advisories/2007/2401
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35189
πŸ”— https://www.exploit-db.com/exploits/4130
πŸ”— http://osvdb.org/36337
πŸ”— http://secunia.com/advisories/25899

Related Vulnerabilities

CVE-2009-49287.5

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code v...

CVE-2009-49297.5

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to chang...

CVE-2009-49737.5

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the sele...

CVE-2009-49747.5

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and poss...