Vulnerabilities > Limbo CMS

DATE	CVE	VULNERABILITY TITLE	RISK
2005-12-17	CVE-2005-4320	Information Exposure vulnerability in Limbo CMS Limbo CMS Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message. network low complexity limbo-cms CWE-200	5.0
2005-12-17	CVE-2005-4319	Unspecified vulnerability in Limbo CMS Limbo CMS Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter. network low complexity limbo-cms	5.0
2005-12-17	CVE-2005-4318	SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. network low complexity limbo-cms	7.5
2005-12-17	CVE-2005-4317	Unspecified vulnerability in Limbo CMS Limbo CMS Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php. network limbo-cms	6.8

Vulnerabilities > Limbo CMS {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Limbo CMS"}]}