Описание
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
Ссылки
- Third Party Advisory
- Product
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.3l (исключая)Версия до 5.3.3m (исключая)
Одно из
cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:sqlite:*:*:*:*:*
cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:mysql:*:*:*:*:*
EPSS
Процентиль: 14%
0.00047
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 5.3
github
12 месяцев назад
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
EPSS
Процентиль: 14%
0.00047
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-306