Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and previous versions allows remote malicious users to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
limbo cms limbo cms 1.0.4.1 |
||
limbo cms limbo cms 1.0.4.2 |
||
limbo cms limbo cms 1.0.4.2l |