- Description
- Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:light_weight_calendar:light_weight_calendar:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA2D9CE2-E12E-4325-8B39-22E6D2295ADF"
}
],
"operator": "OR"
}
]
}
]