What the vulnerability does
01Description
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVSS base score
8.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Key dates
02Disclosure timeline
June 26, 2023
CVE published
December 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-3985 Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter
CVE-2018-25165 Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php
CVE-2025-47573 WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability
CVE-2026-46446
CVE-2024-12480 cjbi wetech-cms TopicDao.java searchTopic sql injection
