Lucene search
JpcertCVELIST:CVE-2023-46700HistoryNov 20, 2023 - 4:47 a.m.
CVE-2023-46700
2023-11-2004:47:07
jpcert
www.cve.org
1
sql injection
luxcal web calendar
remote attacker
arbitrary sql commands
alter database
cve-2023-46700
0.001 Low
EPSS
Percentile
24.4%
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database.
CNA Affected
[
{
"vendor": "LuxSoft",
"product": "LuxCal Web Calendar",
"versions": [
{
"version": "prior to 5.2.4M (MySQL version)",
"status": "affected"
}
]
},
{
"vendor": "LuxSoft",
"product": "LuxCal Web Calendar",
"versions": [
{
"version": "prior to 5.2.4L (SQLite version)",
"status": "affected"
}
]
}
]Related
cve
cve
CVE-2023-46700
2023-11-20 05:15:08
nvd
nvd
CVE-2023-46700
2023-11-20 05:15:08
prion
prion
Sql injection
2023-11-20 05:15:00
jvn
jvn
JVN#15005948: Multiple vulnerabilities in LuxCal Web Calendar
2023-11-20 00:00:00