CVE-2023-0675

Name of the Vulnerable Software and Affected Versions Calendar Event Management System version 2.3.0

Description A critical issue was found in the system, affecting an unknown part. The manipulation of the start and end arguments leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Calendar Event Management System version 2.3.0, consider restricting access to the SQL database to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the start and end arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.