CVE-2006-0206

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://evuln.com/vulns/29/summary.html	Exploit Vendor Advisory
http://evuln.com/vulns/29/exploit.html	Exploit
http://www.securityfocus.com/bid/16229	Exploit
http://secunia.com/advisories/18450	Exploit Vendor Advisory
http://www.osvdb.org/22376
http://attrition.org/pipermail/vim/2006-March/000612.html
http://www.securityfocus.com/archive/1/421920
http://www.vupen.com/english/advisories/2006/0171
https://exchange.xforce.ibmcloud.com/vulnerabilities/24110

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:light_weight_calendar:light_weight_calendar:1.0:*:*:*:*:*:*:*

Information

Published : 2006-01-13 15:03

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0206

Mitre link : CVE-2006-0206

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

light_weight_calendar

light_weight_calendar

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://evuln.com/vulns/29/summary.html", "name": "http://evuln.com/vulns/29/summary.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://evuln.com/vulns/29/exploit.html", "name": "http://evuln.com/vulns/29/exploit.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16229", "name": "16229", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18450", "name": "18450", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/22376", "name": "22376", "tags": [], "refsource": "OSVDB"}, {"url": "http://attrition.org/pipermail/vim/2006-March/000612.html", "name": "20060318 Source VERIFY - Light Weight Calendar issue is eval injection", "tags": [], "refsource": "VIM"}, {"url": "http://www.securityfocus.com/archive/1/421920", "name": "20060113 [eVuln] Light Weight Calendar PHP Code Execution", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.vupen.com/english/advisories/2006/0171", "name": "ADV-2006-0171", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24110", "name": "lwc-cal-execute-code(24110)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0206", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-01-13T23:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:light_weight_calendar:light_weight_calendar:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}