Lucene search
K

11 matches found

OSV
OSV
added 2025/02/18 1:15 a.m.2 views

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

9.8CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2025/02/18 1:15 a.m.4 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References3
OSV
OSV
added 2025/02/18 1:15 a.m.4 views

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...

5.3CVSS5.8AI score0.00587EPSS
Exploits0References3
OSV
OSV
added 2025/02/18 1:15 a.m.1 views

CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...

7.5CVSS5.8AI score0.00533EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.4 views

LuxSoft LuxCal Web Calendar SQL注入漏洞

LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A SQL injection vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.3.3M and prior to 5.3.3L, which stems from information in the database that could be deleted,...

9.8CVSS7.6AI score0.00439EPSS
Exploits0References5
Prion
Prion
added 2023/11/20 5:15 a.m.17 views

Sql injection

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database...

7.5CVSS8.2AI score0.0103EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/08/21 9:15 a.m.4 views

CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it...

9.1CVSS6.1AI score0.00705EPSS
Exploits0References3
OSV
OSV
added 2023/08/21 9:15 a.m.4 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...

6.1CVSS6AI score0.00528EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 3:15 p.m.0 views

CVE-2021-45914

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...

9.8CVSS7.2AI score
Exploits0References4
OSV
OSV
added 2022/05/24 3:15 p.m.1 views

CVE-2021-45915

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...

9.8CVSS5.6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/24 12:0 a.m.2 views

PT-2022-12464 · Luxsoft · Luxcal Web Calendar

Name of the Vulnerable Software and Affected Versions: LuxSoft LuxCal Web Calendar versions prior to 5.2.0 Description: An unauthenticated attacker can manipulate a POST request, allowing the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...

9.8CVSS9.3AI score0.01483EPSS
Exploits0References7
Rows per page
Query Builder