CVE-2006-1252

Light Weight Calendar (LWC) 1.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1252. PoCs published by Hessam-x.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in Light Weight Calendar 1.* by sending a crafted HTTP request with a malicious 'hx' parameter, which is passed to the 'passthru' function, allowing remote command execution.

Description

Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappsphp

https://www.exploit-db.com/exploits/1570

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in Light Weight Calendar 1.* by sending a crafted HTTP request with a malicious 'hx' parameter, which is passed to the 'passthru' function, allowing remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Light Weight Calendar 1.*

No auth needed

Prerequisites: Network access to the target application · Light Weight Calendar 1.* installed and accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources mailing-list x_refsource_vim

http://attrition.org/pipermail/vim/2006-March/000612.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/1570

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17059

Scores

EPSS 0.0255

EPSS Percentile 83.0%

Details

Status published

Products (1)

light_weight_calendar/light_weight_calendar 1.0

Published Mar 19, 2006

Tracked Since Feb 18, 2026