SQL Injection Vulnerability in TeamCal Neo by TeamCal
CVE-2025-0929

9.8CRITICAL

Key Information:

Vendor: Lewe
Status: Teamcal Neo
Vendor: CVE Published:; 31 January 2025

Summary

A SQL injection vulnerability exists in TeamCal Neo version 3.8.2, allowing attackers to execute unauthorized SQL commands. By manipulating the 'abs' parameter in the '/teamcal/src/index.php' file, an attacker can potentially retrieve, update, or delete sensitive database information, compromising the integrity and confidentiality of the data stored within the application.

Affected Version(s)

TeamCal Neo 3.8.2

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 31, 2025

Credit

Ignacio Garcia Mestre (Br4v3n)