CVE-2006-0206

Light Weight Calendar (LWC) <1.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0206.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in Light Weight Calendar 1.* by sending a crafted HTTP request with a 'passthru' function call, allowing remote command execution. The exploit uses LWP::Simple to interact with the target and includes a loop for repeated command execution.

Description

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Exploits (1)

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/1570

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in Light Weight Calendar 1.* by sending a crafted HTTP request with a 'passthru' function call, allowing remote command execution. The exploit uses LWP::Simple to interact with the target and includes a loop for repeated command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Light Weight Calendar 1.*

No auth needed

Prerequisites: Network access to the target web application · Light Weight Calendar 1.* installed and accessible

MITRE ATT&CK