|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Limbo CMS Multiple Vulnerabilities Vulnerability Assessment Details
|
Limbo CMS Multiple Vulnerabilities |
||
Checks for multiple vulnerabilities in Limbo Detailed Explanation for this Vulnerability Assessment Summary : The remote web server contains a PHP application that is affected by numerous vulnerabilities. Description : The remote host is running Limbo CMS, a content-management system written in PHP. The remote version of this software is vulnerable to several flaws including : - If register_globals is off and Limbo is configured to use a MySQL backend, then an SQL injection is possible due to improper sanitization of the '_SERVER[REMOTE_ADDR]' parameter. - The installation path is revealed when the 'doc.inc.php', 'element.inc.php', and 'node.inc.php' files are reqeusted when PHP's 'display_errors' setting is enabled. - An XSS attack is possible when the Stats module is used due to improper sanitization of the '_SERVER[REMOTE_ADDR]' parameter. - Arbitrary PHP files can be retrieved via the 'index2.php' script due to improper sanitation of the 'option' parameter. - A possible hacker can run arbitrary system commands on the remote system via a combination of the SQL injection and directory transversal attacks. See also : http://www.securityfocus.com/archive/1/419470 Solution : Apply the patch http://www.limbo-cms.com/downs/patch_1_0_4_2.zip Network Security Threat Level: High / CVSS Base Score : 7 (AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N) Networks Security ID: 15871 Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Josh Zlatin-Amishav |
||
Cables, Connectors |
Intel Xeon E3-1270 v6 3.80GHz 4 Cores SR326 LGA1151 CPU Processor
$46.00
Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc...
$619.99
Intel - Core i7-12700K Desktop Processor 12 (8P+4E) Cores up to 5.0 GHz Unloc...
$419.99
Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1
$39.99
Intel Core i7-8700K SR3QR 3.7GHz CPU Processor
$105.50
Intel Core i5-8500 3 GHz 8 GT/s LGA 1151 Desktop CPU Processor SR3XE
$49.99
Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc...
$619.99
AMD Ryzen 5 5500 6-Core 3.6GHz Socket AM4 65W CPU Desktop Processor
$98.99
Intel Core i5-12400 Desktop Processor With HeatSink
$140.00
Intel Core i7-12700 1.6GHz 12-Core SRL4Q Processor
$219.98
|
||
No Discussions have been posted on this vulnerability. |