CVE-2025-0929 Information

Description

SQL injection vulnerability in TeamCal Neo version 3.8.2. This could allow an attacker to retrieve update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-teamcal-neo