CVE-2025-25222

high

Description

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

References

https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984

https://www.luxsoft.eu/?download

https://jvn.jp/en/jp/JVN26024080/

Details

Source: Mitre, NVD

Published: 2025-02-18

Updated: 2025-02-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High