Lucene search
MitreCVE-2009-4928HistoryJul 12, 2010 - 1:27 p.m.
CVE-2009-4928
2010-07-1213:27:16
CWE-94
mitre
web.nvd.nist.gov
20
cve-2009-4928
php
remote file inclusion
totalcalendar 2.4
security vulnerability
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.178
Percentile
96.2%
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
Affected configurations
Node
sweetphptotalcalendarMatch2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sweetphp | totalcalendar | 2.4 | cpe:/a:sweetphp:totalcalendar:2.4::: |
Related
prion
prion
Remote file inclusion
2010-07-12 13:27:00
Remote file inclusion
2006-04-20 18:06:00
nvd
nvd
cvelist
cvelist
cve
cve
CVE-2006-7055
2007-02-24 00:28:00
CVE-2006-1922
2006-04-20 18:06:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.178
Percentile
96.2%
Related for CVE-2009-4928