CVE-2009-4928 Information

Description

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter a different vector than CVE-2006-1922 and CVE-2006-7055.

Reference

http://www.exploit-db.com/exploits/8494 http://www.securityfocus.com/bid/34617