Vulnerability Description
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Luxsoft | Luxcal Web Calendar | < 5.2.4l |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN15005948/Third Party Advisory
- https://www.luxsoft.eu/Product
- https://www.luxsoft.eu/?downloadRelease Notes
- https://www.luxsoft.eu/lcforum/viewtopic.php?id=476Issue Tracking
- https://jvn.jp/en/jp/JVN15005948/Third Party Advisory
- https://www.luxsoft.eu/Product
- https://www.luxsoft.eu/?downloadRelease Notes
- https://www.luxsoft.eu/lcforum/viewtopic.php?id=476Issue Tracking
FAQ
What is CVE-2023-46700?
CVE-2023-46700 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbit...
How severe is CVE-2023-46700?
CVE-2023-46700 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-46700?
Check the references section above for vendor advisories and patch information. Affected products include: Luxsoft Luxcal Web Calendar.