Published: 17/12/2005 Updated: 19/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Limbo CMS 1.0.4.2 and previous versions, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote malicious users to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
limbo cms limbo cms

source: wwwsecurityfocuscom/bid/15871/info Limbo CMS is prone to multiple input validation vulnerabilities These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks Limbo CMS versions 1042 and prior are affected by these vulnerabilities wwwexamplecom/[path]/?_SERVER ...

NVD-CWE-Other http://rgod.altervista.org/limbo1042_xpl.html http://www.securityfocus.com/bid/15871/http://securitytracker.com/id?1015364 http://secunia.com/advisories/18063/http://www.osvdb.org/21754 http://www.osvdb.org/21756 http://securityreason.com/securityalert/255 http://www.vupen.com/english/advisories/2005/2932 http://www.securityfocus.com/archive/1/419470/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/26836/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-4317

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect