Lucene search

[email protected]CVE-2006-0206

HistoryJan 13, 2006 - 11:03 p.m.

CVE-2006-0206

2006-01-1323:03:00

[email protected]

web.nvd.nist.gov

101

cve-2006-0206

eval injection

lwc

calendar

php

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.128 Low

EPSS

Percentile

95.5%

JSON

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Affected configurations

NVD

Node

light_weight_calendarlight_weight_calendarMatch1.0

CPENameOperatorVersion
light_weight_calendar:light_weight_calendarlight weight calendareq1.0

CPE	Name	Operator	Version
light_weight_calendar:light_weight_calendar	light weight calendar	eq	1.0

References

attrition.org/pipermail/vim/2006-March/000612.html

evuln.com/vulns/29/exploit.html

evuln.com/vulns/29/summary.html

secunia.com/advisories/18450

www.osvdb.org/22376

www.securityfocus.com/archive/1/421920

www.securityfocus.com/bid/16229

www.vupen.com/english/advisories/2006/0171

exchange.xforce.ibmcloud.com/vulnerabilities/24110

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.128 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2006-0206

prion1 nvd1 cvelist1 checkpoint_advisories1