PHP Code Execution in Light Weight Calendar
- Last Update
- 0 n/a
- Risk Level
- PHP Code Execution
- Vulnerable Software
- Light Weight Calendar (http://sourceforge.net/projects/lwcal/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
A PHP code execution vulnerability was found in the Light Weight Calendar (http://sourceforge.net/projects/lwcal/) script.
Vulnerable script: cal.php
The eval() function is called with a user-defined parameter that is not properly sanitized. This can be used to execute arbitrary PHP code.
System access is possible.
PHP Code Execution example:
http://host/lwc/index.php?stam=1928504&date=20050901);%20echo%20(%60ls%20-la%60&View=month
A solution for "PHP Code Execution in Light Weight Calendar" is not available. Check the vendor's website for updates.
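With no vendor fix listed, one way to close this class of bug is to parse the date parameter as data instead of passing it to eval(). The following is an added example, not code from Light Weight Calendar or from eVuln; the function name parse_calendar_date and the commented eval() pattern are assumptions, and the YYYYMMDD format is inferred from the example URL above.

```php
<?php
// Added example, not Light Weight Calendar source. The "date" parameter name
// and its YYYYMMDD shape come from the advisory's example URL; the function
// name and the eval() pattern in the comment below are assumptions.

// Risky pattern of the kind described (request data concatenated into eval):
//   eval('$ts = some_func(' . $_GET['date'] . ');');
// Anything after the digits is parsed as PHP, so filtering on top of eval()
// is not a reliable fix. Treat the value as data and never evaluate it.

/**
 * Return a Unix timestamp for a strict YYYYMMDD string, or null if invalid.
 */
function parse_calendar_date($raw): ?int
{
    // Reject arrays (date[]=...) and anything that is not exactly 8 ASCII digits.
    // \A...\z anchors the whole string; "$" alone would allow a trailing newline.
    if (!is_string($raw) || preg_match('/\A\d{8}\z/', $raw) !== 1) {
        return null;
    }
    $year  = (int) substr($raw, 0, 4);
    $month = (int) substr($raw, 4, 2);
    $day   = (int) substr($raw, 6, 2);

    // Reject impossible dates such as 20050231.
    if (!checkdate($month, $day, $year)) {
        return null;
    }
    $ts = mktime(0, 0, 0, $month, $day, $year);
    return $ts === false ? null : $ts;
}

// Constructed sample inputs: a valid date, the decoded value from the
// advisory's example URL, an impossible date, an array, a trailing newline.
$samples = ['20050901', '20050901); echo (`ls -la`', '20050231', ['20050901'], "20050901\n"];
foreach ($samples as $raw) {
    $ts = parse_calendar_date($raw);
    printf("%-32s => %s\n", json_encode($raw), $ts === null ? 'rejected' : date('Y-m-d', $ts));
}
```

Only the first sample is accepted; every other input is rejected before it reaches any date logic.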