Vulnerabilities > Sweetphp > Totalcalender
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-12 | CVE-2009-4929 | Improper Authentication vulnerability in Sweetphp Totalcalender 2.4 admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters. | 7.5 |