First published: Mon Aug 21 2023(Updated: )
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Luxsoft Luxcal Web Calendar | <5.2.3m | |
Luxsoft Luxcal Web Calendar | <5.2.3l |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-39939 is a SQL injection vulnerability in LuxCal Web Calendar prior to versions 5.2.3M (MySQL version) and 5.2.3L (SQLite version).
The severity of CVE-2023-39939 is critical with a value of 9.1.
CVE-2023-39939 allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.
LuxCal Web Calendar versions prior to 5.2.3M (MySQL version) and 5.2.3L (SQLite version) are affected by CVE-2023-39939.
You can find more information about CVE-2023-39939 on the official LuxCal Web Calendar website and the JVN (Japan Vulnerability Notes) website.