CVE-2006-0206

{"id": "CVE-2006-0206", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-01-13T23:03:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2006-March/000612.html", "source": "cve@mitre.org"}, {"url": "http://evuln.com/vulns/29/exploit.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://evuln.com/vulns/29/summary.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18450", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22376", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/421920", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16229", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0171", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24110", "source": "cve@mitre.org"}, {"url": "http://attrition.org/pipermail/vim/2006-March/000612.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://evuln.com/vulns/29/exploit.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://evuln.com/vulns/29/summary.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18450", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/22376", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/421920", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/16229", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0171", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24110", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n Eval en Light Weight Calendar (LWC) 1.0 (20040909) y versiones anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro date en cal.php, que est\u00e1 incluido en index.php."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:light_weight_calendar:light_weight_calendar:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2D9CE2-E12E-4325-8B39-22E6D2295ADF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}