PT-2006-3946 · Codewalkers · Ltwcalendar

Spc-X · Published 2006-06-15 · Updated 2024-08-07 · CVE-2006-3041

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Codewalkers Ltwcalendar version 4.1.3

Description

The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter in the Ltwcalendar/calendar.php file. However, it is noted that the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement, which disputes the claim of vulnerability.

Recommendations

For Codewalkers Ltwcalendar version 4.1.3, consider reviewing the code to ensure that the $ltw_config[include_dir] variable is properly sanitized and validated to prevent potential exploitation. As a temporary workaround, consider restricting access to the calendar.php file until the issue is fully resolved.

Fix

Related Identifiers

CVE-2006-3041

Affected Products

Ltwcalendar