Описание
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
Ссылки
- Third Party Advisory
- Product
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.3l (исключая)Версия до 5.3.3m (исключая)
Одно из
cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:sqlite:*:*:*:*:*
cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:mysql:*:*:*:*:*
EPSS
Процентиль: 16%
0.00051
Низкий
5.8 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.8
github
12 месяцев назад
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
EPSS
Процентиль: 16%
0.00051
Низкий
5.8 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-22