cpe:/a:sweetphp:totalcalendar:2.4 CVE-2009-4973 2010-07-28T10:43:41.697-04:00 2017-09-18T21:30:08.157-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-07-28T17:12:00.000-04:00 EXPLOIT-DB 9524 SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.