|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-09-11 | |
| Rule Name: | phpBook index.php date Parameter PHP Code Execution Vulnerability (CVE-2006-0206) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:16229 http://attrition.org/pipermail/vim/2006-March/000612.html http://evuln.com/vulns/29/exploit.html http://evuln.com/vulns/29/summary.html |
|
| Solutions |
|---|
| There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |