CVE-2025-0929 – TeamCal Neo SQL Injection Vulnerability

The following table lists the changes that have been made to the CVE-2025-0929 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 31, 2025

    Action Type Old Value New Value
    Added Description SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-89
    Added Reference https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-teamcal-neo

نوشته های مشابه

CVE-2024-12248 – Citrix NetScaler Remote Code Execution Vulnerability

CVE-2024-23928 – Pioneer DMH-WT7600NEX Certificate Validation Vulnerability

CVE-2024-23963 – Alpine Halo9 Bluetooth PBAP Code Execution Vulnerability

CVE-2024-23920 – ChargePoint Home Flex Unauthenticated Root Remote Code Execution