CVE-2025-0929 – TeamCal Neo SQL Injection Vulnerability

The following table lists the changes that have been made to the CVE-2025-0929 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 31, 2025

    Action Type Old Value New Value
    Added Description SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-89
    Added Reference https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-teamcal-neo

نوشته های مشابه

CVE-2024-23969 – ChargePoint Home Flex Rce (Buffer Overflow)

CVE-2024-23971 – ChargePoint Home Flex Root Arbitrary Code Execution

CVE-2024-23973 – Silicon Labs Gecko OS HTTP GET Request Buffer Overflow Allows Arbitrary Code Execution over the Network

CVE-2024-12248 – Citrix NetScaler Remote Code Execution Vulnerability