Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.
attrition.org/pipermail/vim/2006-March/000612.html
evuln.com/vulns/29/exploit.html
evuln.com/vulns/29/summary.html
secunia.com/advisories/18450
www.osvdb.org/22376
www.securityfocus.com/archive/1/421920
www.securityfocus.com/bid/16229
www.vupen.com/english/advisories/2006/0171
exchange.xforce.ibmcloud.com/vulnerabilities/24110