Lucene search

[email protected]CVE-2006-0206

HistoryJan 13, 2006 - 11:03 p.m.

CVE-2006-0206

2006-01-1323:03:00

[email protected]

web.nvd.nist.gov

101

cve-2006-0206

eval injection

lwc

calendar

php

remote attack

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.128 Low

EPSS

Percentile

95.5%

JSON

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Affected configurations

NVD

Node

light_weight_calendarlight_weight_calendarMatch1.0

CPENameOperatorVersion
light_weight_calendar:light_weight_calendarlight weight calendareq1.0

CPE	Name	Operator	Version
light_weight_calendar:light_weight_calendar	light weight calendar	eq	1.0

References

attrition.org/pipermail/vim/2006-March/000612.html

evuln.com/vulns/29/exploit.html

evuln.com/vulns/29/summary.html

secunia.com/advisories/18450

www.osvdb.org/22376

www.securityfocus.com/archive/1/421920

www.securityfocus.com/bid/16229

www.vupen.com/english/advisories/2006/0171

exchange.xforce.ibmcloud.com/vulnerabilities/24110

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.128 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2006-0206

checkpoint_advisories1 prion1 nvd1 cvelist1