VID |
21860 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Limbo CMS is a content-management system (CMS) written in PHP. Versions 1.0.4.2 and earlier contain multiple vulnerabilities that a remote attacker can exploit to carry out cross-site scripting, SQL injection, and local file include attacks. A remote attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary system commands on the vulnerable system.
* References:
  * http://www.securityfocus.com/archive/1/419470
  * http://secunia.com/advisories/14559/
  * http://secunia.com/advisories/18063/
* Platforms Affected: Limbo CMS version 1.0.4.2 and earlier versions; any operating system, any version |
Recommendation |
Update to version 1.0.4.2 containing the December 2005 patch, available from the Limbo CMS Web site at http://www.limbo-cms.com/index.php/option/downloads/catid/30/Itemid/65
-- OR --
For version 1.0.4.2 (prior to 2005-12-15): Apply the December 2005 patch, available from the Limbo CMS Web site at http://www.limbo-cms.com/downs/patch_1_0_4_2.zip
-- OR --
Upgrade to the latest version of Limbo CMS (1.0.5 or later), when a new fixed version becomes available from the Limbo CMS Web site at http://www.limbo-cms.com/ |
Related URL |
CVE-2005-4317, CVE-2005-4318, CVE-2005-4319, CVE-2005-4320 (CVE) |
Related URL |
15871 (SecurityFocus) |
Related URL |
23597, 23601, 23603, 23606 (ISS) |