CVE-2006-1252

Light Weight Calendar (LWC) 1.0 - Code Injection

Title source: llm

Description

Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappsphp

https://www.exploit-db.com/exploits/1570

View Code ZIP pw:eip

References (3)

[Various Sources] http://attrition.org/pipermail/vim/2006-March/000612.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1570

[Exploit] http://www.securityfocus.com/bid/17059

Scores

EPSS 0.0579

EPSS Percentile 90.5%

Details

Status published

Products (1)

light_weight_calendar/light_weight_calendar 1.0

Published Mar 19, 2006

Tracked Since Feb 18, 2026