CVE-2006-0206

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://attrition.org/pipermail/vim/2006-March/000612.html
http://evuln.com/vulns/29/exploit.html	Exploit
http://evuln.com/vulns/29/summary.html	Exploit Vendor Advisory
http://secunia.com/advisories/18450	Exploit Vendor Advisory
http://www.osvdb.org/22376
http://www.securityfocus.com/archive/1/421920
http://www.securityfocus.com/bid/16229	Exploit
http://www.vupen.com/english/advisories/2006/0171
https://exchange.xforce.ibmcloud.com/vulnerabilities/24110

Configurations

Configuration 1 (hide)

cpe:2.3:a:light_weight_calendar:light_weight_calendar:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-01-13 23:03

Updated : 2024-02-04 16:52

NVD link : CVE-2006-0206

Mitre link : CVE-2006-0206

CVE.ORG link : CVE-2006-0206

JSON object : View

Products Affected

light_weight_calendar

light_weight_calendar

CWE

NVD-CWE-Other

{"id": "CVE-2006-0206", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-01-13T23:03:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2006-March/000612.html", "source": "cve@mitre.org"}, {"url": "http://evuln.com/vulns/29/exploit.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://evuln.com/vulns/29/summary.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18450", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22376", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/421920", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16229", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0171", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24110", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n Eval en Light Weight Calendar (LWC) 1.0 (20040909) y versiones anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro date en cal.php, que est\u00e1 incluido en index.php."}], "lastModified": "2017-07-20T01:29:32.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:light_weight_calendar:light_weight_calendar:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2D9CE2-E12E-4325-8B39-22E6D2295ADF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}