SQL Injection Vulnerability in OSS Calendar v.2.0.3 and Earlier: Remote Code Execution and Database Manipulation

SQL Injection Vulnerability in OSS Calendar v.2.0.3 and Earlier: Remote Code Execution and Database Manipulation

CVE-2023-47609 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.

Learn more about our Web Application Penetration Testing UK.