TotalCalendar.Multiple.Remote.File.Inclusion

description-logoDescription

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar, allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

affected-products-logoAffected Products

SweetPHP TotalCalendar 0

Impact logoImpact

Execute arbitrary PHP code.

recomended-action-logoRecommended Actions

Upgrade to version 2.402 :

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)