CVE-2006-0206 Information

Description

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php which is included by index.php.

Reference

http://attrition.org/pipermail/vim/2006-March/000612.html http://evuln.com/vulns/29/exploit.html http://evuln.com/vulns/29/summary.html http://secunia.com/advisories/18450 http://www.osvdb.org/22376 http://www.securityfocus.com/archive/1/421920 http://www.securityfocus.com/bid/16229 http://www.vupen.com/english/advisories/2006/0171 https://exchange.xforce.ibmcloud.com/vulnerabilities/24110