Lucene search

K
cve[email protected]CVE-2006-0206
HistoryJan 13, 2006 - 11:03 p.m.

CVE-2006-0206

2006-01-1323:03:00
web.nvd.nist.gov
101
cve-2006-0206
eval injection
lwc
calendar
php
remote attack

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.128 Low

EPSS

Percentile

95.5%

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Affected configurations

NVD
Node
light_weight_calendarlight_weight_calendarMatch1.0

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.128 Low

EPSS

Percentile

95.5%