CVE-2009-4973

HIGH

7.5

CVSS Severity Score

EPSS Score0.1180%

EPSS Percentile26.68th

PublishedJul 28, 2010

Last ModifiedApr 29, 2026

Vulnerability Description

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.

Affected Platforms (CPE)

📦

Sweetphp

Totalcalendar

= 2.4

References & Advisories

🔗 http://www.exploit-db.com/exploits/9524

Related Vulnerabilities

CVE-2007-351510.0

SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL ...

CVE-2009-49287.5

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code v...

CVE-2009-49297.5

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to chang...

CVE-2009-49747.5

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and poss...