Vulnerabilities > Limbo CMS > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2009-02-06 | CVE-2008-6078 | SQL Injection vulnerability in Limbo CMS COM Privmsg | SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php. | network | low complexity | limbo-cms CWE-89 | 7.5 |
| 2008-02-13 | CVE-2008-0734 | SQL Injection vulnerability in Limbo CMS Limbo CMS | SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php. | network | low complexity | limbo-cms CWE-89 | 7.5 |
| 2006-09-19 | CVE-2006-4859 | Unspecified vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2/1.0.4.2L | Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. | network | low complexity | limbo-cms | 7.5 |
| 2006-04-07 | CVE-2006-1662 | Unspecified vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2 | The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php. | network | low complexity | limbo-cms | 7.5 |
| 2005-12-17 | CVE-2005-4318 | | SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. | network | low complexity | limbo-cms | 7.5 |