Luxsoft: >> Luxcal Web Calendar >> 5.2.4l Security Vulnerabilities
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-02-18
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-02-18
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
CVSS Score
5.8
EPSS Score
0.001
Published
2025-02-18
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-02-18