CVE-2023-39939

Summary

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

Affected Software

VendorProductVersion RangeStatus
LuxSoftLuxCal Web Calendarprior to 5.2.3M (MySQL version)affected
LuxSoftLuxCal Web Calendarprior to 5.2.3L (SQLite version)affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References