Vulnerability CVE-2005-4319
Published: 2005-12-17   Modified: 2012-02-12

Description:
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution
rgod
14.12.2005

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Limbo cms -> Limbo cms 

 References:
http://rgod.altervista.org/limbo1042_xpl.html
http://securityreason.com/securityalert/255
http://securitytracker.com/id?1015364
http://www.securityfocus.com/archive/1/419470/100/0/threaded
http://www.securityfocus.com/bid/15871/
http://www.vupen.com/english/advisories/2005/2932
Copyright 2024, cxsecurity.com

 

Back to Top