CVE-2025-25222

Critical CVSS: 9.8

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

Vendor

Luxsoft

Product

Luxcal Web Calendar

CWE

CWE-89

Yayın Tarihi

2025-02-18 01:15:09

Güncelleme

2025-09-15 17:44:57

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-89 Luxcal Web Calendar CRITICAL Luxsoft 2025

Referanslar

https://jvn.jp/en/jp/JVN26024080/ https://www.luxsoft.eu/?download https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984

Benzer Kayıtlar

Critical

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection v…

Medium

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal v…

High

CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authenti…