CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4928

HIGH
7.5
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile15.78th
PublishedJul 12, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.

Affected Platforms (CPE)

πŸ“¦
Sweetphp

Totalcalendar

= 2.4

References & Advisories

πŸ”— http://www.exploit-db.com/exploits/8494
πŸ”— http://www.securityfocus.com/bid/34617
πŸ”— http://www.exploit-db.com/exploits/8494
πŸ”— http://www.securityfocus.com/bid/34617

Related Vulnerabilities

CVE-2007-351510.0

SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL ...

CVE-2009-49297.5

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to chang...

CVE-2009-49737.5

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the sele...

CVE-2009-49747.5

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and poss...