CVE-2021-45914
LuxSoft LuxCal Web Calendar (prior to 5.2.0) is affected by an unauthenticated POST request manipulation that lets an attacker cause the attacker’s session to be authenticated as any registered LuxCal user, including an administrator. The root cause is improper handling of POST data that permits ...