VID | 21886 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description | Limbo CMS is vulnerable to remote file inclusion via the 'classes/adodbt/sql.php' script. Limbo CMS is a content-management system (CMS) written in PHP. Version 1.0.4.2 and earlier versions do not properly validate user-supplied input passed to the 'classes_dir' parameter of the 'classes/adodbt/sql.php' script. A remote attacker could send a specially crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References:
  http://www.limboforge.org/phpbt/bug.php?op=show&bugid=19
  http://secunia.com/advisories/19891/
* Platforms Affected:
  Limbo CMS version 1.0.4.2 and earlier versions
  Any operating system, any version |
Recommendation | Apply cumulative patch v8 for version 1.0.4.2, available from the Limbo CMS Web site at http://limboforge.org/web/component/option,com_remository/Itemid,1/func,fileinfo/id,115/ |
Related URL | CVE-2006-2142 (CVE) |
Related URL | 17760 (SecurityFocus) |
Related URL | 26196 (ISS) |