4 matches found
CVE-2023-39939
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it...
CVE-2023-39939
CVE-2023-39939 describes an SQL injection in LuxCal Web Calendar prior to 5.2.3M (MySQL) and prior to 5.2.3L (SQLite), allowing remote, unauthenticated attackers to execute arbitrary queries and access/alter data. Connected sources confirm affected LuxCal Web Calendar components and indicate miti...
JVN#04876736: Multiple vulnerabilities in LuxCal Web Calendar
LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 SQL...
SQLite report about CVE-2023-39939
This is not a bug in SQLite. This is an SQL injection bug in an application LuxCal Web Calendar that links against SQLite. Even though this CVE is not about SQLite, "SQLite" is mentioned in the description and so we list it here...