11 matches found
CVE-2025-25222
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...
CVE-2025-25221
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...
CVE-2025-25223
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
CVE-2025-25224
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
LuxSoft LuxCal Web Calendar SQL注入漏洞
LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A SQL injection vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.3.3M and prior to 5.3.3L, which stems from information in the database that could be deleted,...
Sql injection
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database...
CVE-2023-39939
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it...
CVE-2023-39543
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...
CVE-2021-45914
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...
CVE-2021-45915
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...
PT-2022-12464 · Luxsoft · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxSoft LuxCal Web Calendar versions prior to 5.2.0 Description: An unauthenticated attacker can manipulate a POST request, allowing the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...