CVE-2025-0929

Published Jan 31, 2025

Last updated 22 days ago

CVSS critical 9.8

Overview

Description
SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.
Source
cve-coordination@incibe.es
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve-coordination@incibe.es
CWE-89

Social media

Hype score
Not currently trending

  1. [CVE-2025-0929: CRITICAL] TeamCal Neo v3.8.2 has a serious SQL injection flaw in '/teamcal/src/index.php' via the 'abs' parameter, enabling attackers to compromise database data. #cybersecurity#cybersecurity,#vulnerability https://t.co/00ueHMIlz3 https://t.co/Kq98i1P1U6

    @CveFindCom

    31 Jan 2025

    54 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-0929 SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious… https://t.co/Xf4sIN2x2n

    @CVEnew

    31 Jan 2025

    500 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References