PT-2006-1283 · Unknown · Light Weight Calendar
Aliaksandr Hartsuyeu · Published 2006-01-13 · Updated 2017-07-20 · CVE-2006-0206
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Light Weight Calendar (LWC) versions 1.0 (20040909) and earlier
Description
The issue allows remote attackers to execute arbitrary PHP code via the date parameter in "cal.php", which is included by "index.php". This enables attackers to inject and execute malicious PHP code, potentially leading to unauthorized access or control of the system.
Recommendations
For Light Weight Calendar (LWC) versions 1.0 (20040909) and earlier, consider restricting access to the "cal.php" file or avoiding the use of the date parameter in "cal.php" until a fix is available. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious code injection.
Exploit
Fix
Related identifiers
Affected products
Light Weight Calendar