Lucene search

JpcertCVE-2023-39939

HistoryAug 21, 2023 - 9:15 a.m.

CVE-2023-39939

2023-08-2109:15:10

CWE-89

jpcert

web.nvd.nist.gov

cve-2023-39939

sql injection

luxcal web calendar

vulnerability

unauthenticated attacker

database security

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

Affected configurations

Nvd

Node

luxsoftluxcal_web_calendarRange<5.2.3m

Node

luxsoftluxcal_web_calendarRange<5.2.3l

VendorProductVersionCPE
luxsoftluxcal_web_calendar*cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
luxsoft	luxcal_web_calendar	*	cpe:2.3:a:luxsoft:luxcal_web_calendar::::::::

CNA Affected

[
  {
    "vendor": "LuxSoft ",
    "product": "LuxCal Web Calendar",
    "versions": [
      {
        "version": "prior to 5.2.3M (MySQL version)",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LuxSoft ",
    "product": "LuxCal Web Calendar",
    "versions": [
      {
        "version": "prior to 5.2.3L (SQLite version)",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN04876736/

www.luxsoft.eu/

www.luxsoft.eu/?download

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

Related for CVE-2023-39939