PT-2023-30515 · Unknown · Oss Calendar

Shogo Iyota · Published 2023-11-13 · Updated 2023-11-17 · CVE-2023-47609

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OSS Calendar versions prior to 2.0.3

Description

A SQL injection vulnerability allows a remote authenticated attacker to execute arbitrary code, or to obtain or alter the information stored in the database, by sending a specially crafted request.

Recommendations

For OSS Calendar versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the database and limiting the privileges of authenticated users to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2023-47609

Affected products

Oss Calendar