CVE-2025-25224

High CVSS: 7.5

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

Vendor

Luxsoft

Product

Luxcal Web Calendar

CWE

CWE-306

Yayın Tarihi

2025-02-18 01:15:09

Güncelleme

2025-09-15 17:07:37

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-306 Luxcal Web Calendar HIGH Luxsoft 2025

Referanslar

https://jvn.jp/en/jp/JVN26024080/ https://www.luxsoft.eu/?download https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984

Benzer Kayıtlar

Critical

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection v…

Critical

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection v…

Medium

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal v…