Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Limbo com_fm Component PHP Shell Vulnerability


Vulnerability Assessment Details

Limbo com_fm Component PHP Shell Vulnerability

Vulnerability Assessment Summary
Tries to call Limbo's com_fm installer

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains PHP scripts that permit copying of
arbitrary files into the web document directory.

Description :

The remote host is running Limbo CMS, a content-management system
written in PHP.

The 'com_fm' component of the version of Limbo installed on the remote
host permits an unauthenticated remote attacker to copy arbitrary
files, possibly taken from a third-party host, into the web document
directory. An unauthenticated attacker may be able to exploit this
flaw to read files on the affected host or even set up a PHP shell
that would permit execution of arbitrary code, subject to the
rights of the web server user id.

See also :

http://www.securityfocus.com/archive/1/446142/30/0/threaded

Solution :

Unknown at this time.

Network Security Threat Level:

Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors


Fanxiang 4TB 2TB 1TB SSD 550MB/s 2.5'' SATA III Internal Solid State Drive lot picture

Fanxiang 4TB 2TB 1TB SSD 550MB/s 2.5'' SATA III Internal Solid State Drive lot

$188.99



New SSD 870 EVO SATA III SSD 1TB 2.5'' Solid State Drive Upgrade PC Laptop 4TB picture

New SSD 870 EVO SATA III SSD 1TB 2.5'' Solid State Drive Upgrade PC Laptop 4TB

$59.99



Fanxiang SSD 4TB 2TB 1TB 512GB SATA SSD 2.5'' III Internal Solid State Drive lot picture

Fanxiang SSD 4TB 2TB 1TB 512GB SATA SSD 2.5'' III Internal Solid State Drive lot

$108.29



Netac 2TB 1TB 512GB 240GB Internal SSD 2.5'' SATAIII 6Gb/s Solid State Drive lot picture

Netac 2TB 1TB 512GB 240GB Internal SSD 2.5'' SATAIII 6Gb/s Solid State Drive lot

$118.99



Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5

Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5" SATA 3 6GB/s Internal SSD PC/MAC Lot

$13.99



MZ7LM1T9HMJP Samsung PM863a 1.92TB SATA 6Gbps 2.5'' SSD Solid State Drive  picture

MZ7LM1T9HMJP Samsung PM863a 1.92TB SATA 6Gbps 2.5'' SSD Solid State Drive

$54.99



WD BLUE 3D NAND 250GB 2.5

WD BLUE 3D NAND 250GB 2.5" SATA Laptop SSD Solid State Tested,Wiped -WDS250G2B0A

$16.99



Fanxiang M.2 SATA SSD 2TB 1TB 512GB 256GB SSD Internal M2 Solid State Drive Lot picture

Fanxiang M.2 SATA SSD 2TB 1TB 512GB 256GB SSD Internal M2 Solid State Drive Lot

$21.99



4tb Ssd 870evo Internal Solid State Drive Hard Disk 2.5 Inch Sata SSD For Laptop picture

4tb Ssd 870evo Internal Solid State Drive Hard Disk 2.5 Inch Sata SSD For Laptop

$50.15



Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot picture

Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot

$119.99



Discussions

No Discussions have been posted on this vulnerability.