CVE-2009-4928

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.

Date published : 2010-07-09

http://www.securityfocus.com/bid/34617

http://www.exploit-db.com/exploits/8494