Sweetphp Totalcalendar vulnerabilities
7 known vulnerabilities affecting sweetphp/totalcalendar.
Total CVEs
7
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2007-3515P3CRITICALCVSS 10.0PoC≤ 2.4022007-07-03
CVE-2007-3515 [CRITICAL] CVE-2007-3515: SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attac
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2009-4973P3HIGHCVSS 7.5PoCv2.42010-07-28
CVE-2009-4973 [HIGH] CWE-89 CVE-2009-4973: SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbit
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
nvd
CVE-2009-4974P3HIGHCVSS 7.5PoCv2.42010-07-28
CVE-2009-4974 [HIGH] CWE-22 CVE-2009-4974: Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.
nvd
CVE-2006-1922P3MEDIUMCVSS 6.4PoCv2.0v2.1+1 more2006-04-20
CVE-2006-1922 [MEDIUM] CVE-2006-1922: PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows rem
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
nvd
CVE-2009-1406P3MEDIUMCVSS 6.8PoCv2.42009-04-24
CVE-2009-1406 [MEDIUM] CWE-22 CVE-2009-1406: Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
nvd
CVE-2006-7055P3MEDIUMCVSS 6.8PoC≤ 2.302007-02-24
CVE-2006-7055 [MEDIUM] CVE-2006-7055: PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
nvd
CVE-2009-4928P3HIGHCVSS 7.5v2.42010-07-12
CVE-2009-4928 [HIGH] CVE-2009-4928: PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers t
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
nvd