CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
jpcertCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
luxsoftluxcal_web_calendar
𝑥
< 5.2.3m
luxsoftluxcal_web_calendar
𝑥
< 5.2.3l
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/jp/JVN04876736/
https://www.luxsoft.eu/
https://www.luxsoft.eu/?download
https://jvn.jp/en/jp/JVN04876736/
https://www.luxsoft.eu/
https://www.luxsoft.eu/?download