CVE-2006-0206

critical

Description

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24110

http://www.vupen.com/english/advisories/2006/0171

http://www.securityfocus.com/archive/1/421920

http://www.osvdb.org/22376

http://attrition.org/pipermail/vim/2006-March/000612.html

Details

Source: Mitre, NVD

Published: 2006-01-13

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.13454

Detections

Analytics