Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:PHP:LWC-DATE-CMDINJ

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Light Weight Calendar index.php Arbitrary Command Injection

Release Date

 2013/05/07

Update Number

 2260

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Light Weight Calendar index.php Arbitrary Command Injection


This signature detects attempts to exploit a known command injection vulnerability in Light Weight Calendar. It is due to improper input filtering. In a successful command injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the process.

Extended Description

Light Weight Calendar is prone to a remote command execution vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP commands on an affected computer with the privileges of the Web server process. Successful exploitation could facilitate unauthorized access; other attacks are also possible.

Affected Products

  • Light Weight Calendar 1.0.0

References

  • BugTraq: 16229
  • CVE: CVE-2006-0206

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out