Lucene search
HistoryApr 07, 2006 - 10:04 a.m.
CVE-2006-1662
cve-2006-1662
limbo cms
remote code execution
security vulnerability
php commands
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.123 Low
EPSS
Percentile
95.5%
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
Affected configurations
Node
limbo_cmslimbo_cmsMatch1.0.4.1
ORlimbo_cmslimbo_cmsMatch1.0.4.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| limbo_cms:limbo_cms | limbo cms | eq | 1.0.4.1 |
| limbo_cms:limbo_cms | limbo cms | eq | 1.0.4.2 |
Related
cvelist
cvelist
CVE-2006-1662
2006-04-07 10:00:00
nvd
nvd
CVE-2006-1662
2006-04-07 10:04:00
nessus
nessus
Limbo CMS index.php Itemid Parameter Arbitrary Command Execution
2006-03-03 00:00:00
prion
prion
Design/Logic Flaw
2006-04-07 10:04:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.123 Low
EPSS
Percentile
95.5%
Related for CVE-2006-1662