CVE-2023-46700 Information

Description

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request and obtain or alter information stored in the database.

Reference

https://www.luxsoft.eu/ https://www.luxsoft.eu/?download https://www.luxsoft.eu/lcforum/viewtopic.php?id=476 https://jvn.jp/en/jp/JVN15005948/