CVE-2025-25222

Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M (MySQL version) LuxCal Web Calendar versions prior to 5.3.3L (SQLite version)

Description: The issue concerns an SQL injection vulnerability in the retrieve.php file. If exploited, this vulnerability may allow information in a database to be deleted, altered, or retrieved.

Recommendations: For versions prior to 5.3.3M (MySQL version), update to version 5.3.3M or later. For versions prior to 5.3.3L (SQLite version), update to version 5.3.3L or later. As a temporary workaround, consider restricting access to the retrieve.php file until a patch is applied.