Sweetphp ≫ Totalcalendar

SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.

Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.

Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.

SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.