CVE-2005-4317
Published: Dec 17, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 18063 | third-party-advisory | x_refsource_SECUNIA |
| 21754 | vdb-entry | x_refsource_OSVDB |
| 1015364 | vdb-entry | x_refsource_SECTRACK |
| http://rgod.altervista.org/limbo1042_xpl.html | | x_refsource_MISC |
| 255 | third-party-advisory | x_refsource_SREASON |
| 15871 | vdb-entry | x_refsource_BID |
| 20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution | mailing-list | x_refsource_BUGTRAQ |
| 21756 | vdb-entry | x_refsource_OSVDB |
| ADV-2005-2932 | vdb-entry | x_refsource_VUPEN |