CVE-2006-0206

Light Weight Calendar (LWC) <1.0 - Code Injection

Title source: llm

Description

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Exploits (1)

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/1570

View Code ZIP pw:eip

References (9)

[Various Sources] http://attrition.org/pipermail/vim/2006-March/000612.html

[Exploit] http://evuln.com/vulns/29/exploit.html

[Exploit, Vendor Advisory] http://evuln.com/vulns/29/summary.html

[Exploit, Vendor Advisory] http://secunia.com/advisories/18450

[Exploit] http://www.securityfocus.com/bid/16229

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24110

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/421920

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22376

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0171

Scores

EPSS 0.1025

EPSS Percentile 93.2%

Details

Status published

Products (1)

light_weight_calendar/light_weight_calendar 1.0

Published Jan 13, 2006

Tracked Since Feb 18, 2026