CVE-2006-1662 - Unspecified vulnerability in Limbo CMS 1.0.4.1/1.0.4.2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit. CVE-2006-1662. Webapps exploit for php platform |
id | EDB-ID:1541 |
last seen | 2016-01-31 |
modified | 2006-03-01 |
published | 2006-03-01 |
reporter | str0ke |
source | https://www.exploit-db.com/download/1541/ |
title | Limbo CMS <= 1.0.4.2 ItemID Remote Code Execution Exploit |

description | Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit (meta). CVE-2006-1662. Webapps exploit for php platform |
id | EDB-ID:1563 |
last seen | 2016-01-31 |
modified | 2006-03-07 |
published | 2006-03-07 |
reporter | sirh0t |
source | https://www.exploit-db.com/download/1563/ |
title | Limbo CMS <= 1.0.4.2 ItemID Remote Code Execution Exploit meta |
Nessus
NASL family | CGI abuses |
NASL id | LIMBO_ITEMID_CMD_EXEC.NASL |
description | The remote host is running Limbo CMS, a content-management system written in PHP. The installed version of Limbo fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20994 |
published | 2006-03-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20994 |
title | Limbo CMS index.php Itemid Parameter Arbitrary Command Execution |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html
- http://securityreason.com/securityalert/519
- http://www.securityfocus.com/archive/1/426428
- http://www.securityfocus.com/archive/1/429946/100/0/threaded
- http://www.securityfocus.com/bid/16902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24992