CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
luxsoftluxcal_web_calendar
𝑥
< 5.2.3m
luxsoftluxcal_web_calendar
𝑥
< 5.2.3l
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
luxcalweb_calendar
𝑥
< 5.2.3M
ADP
luxcalweb_calendar
𝑥
< 5.2.3L
ADP
Common Weakness Enumeration
References
https://jvn.jp/en/jp/JVN04876736/
https://www.luxsoft.eu/
https://www.luxsoft.eu/?download
https://jvn.jp/en/jp/JVN04876736/
https://www.luxsoft.eu/
https://www.luxsoft.eu/?download