Sweetphp · Totalcalendar · CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.