Description - PHP Code Execution in Light Weight Calendar
PHP Code Execution found in Light Weight Calendar script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable script: cal.php
Function eval() is called with user-defined parameter which is not properly sanitized. This can be used to execute arbitrary PHP code.
System access is possible.
Order Source Code Audit made by eVuln
Prevent attacks by source code testing of your website or web application done by Aliaksandr Hartsuyeu.The order will be done by experts in web application security.