Vulnerabilities > CVE-2006-0206 - Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

light-weight-calendar

exploit available

NVD

Published: 2006-01-13

Updated: 2017-07-20

Summary

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Vulnerable Configurations

Part	Description	Count
Application	Light_Weight_Calendar Light Weight Calendar Light Weight Calendar 1.0	1

Exploit-Db

description	Light Weight Calendar 1.x (date) Remote Code Execution Vulnerability. CVE-2006-0206,CVE-2006-1252. Webapps exploit for php platform
file	exploits/php/webapps/1570.pl
id	EDB-ID:1570
last seen	2016-01-31
modified	2006-03-09
platform	php
port
published	2006-03-09
reporter	Hessam-x
source	https://www.exploit-db.com/download/1570/
title	Light Weight Calendar 1.x - date Remote Code Execution Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References