CVE-2025-25223

Medium CVSS: 5.3

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

Vendor

Luxsoft

Product

Luxcal Web Calendar

CWE

CWE-22

Yayın Tarihi

2025-02-18 01:15:09

Güncelleme

2025-09-15 17:13:19

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-22 Luxcal Web Calendar MEDIUM Luxsoft 2025

Referanslar

https://jvn.jp/en/jp/JVN26024080/ https://www.luxsoft.eu/?download https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984

Benzer Kayıtlar

Critical

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection v…

Critical

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection v…

High

CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authenti…