Sweetphp Totalcalendar — known CVE vulnerabilities
Every CVE whose affected-product data names Sweetphp Totalcalendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2007-3515 — CVSS 10.0 (critical): SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands…
CVE-2009-4928 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL…
CVE-2009-4973 — CVSS 7.5 (high): SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal…
CVE-2009-4974 — CVSS 7.5 (high): Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have…
CVE-2009-1406 — CVSS 6.8 (medium): Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local…
CVE-2006-7055 — CVSS 6.8 (medium): PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code…
CVE-2006-1922 — CVSS 6.4 (medium): PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP…