vendor:
Limbo CMS
by:
StAkeR
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Limbo CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Limbo CMS (Private Messaging Component) Remote SQL Injection Vulnerability
A vulnerability in Limbo CMS (Private Messaging Component) allows remote attackers to inject arbitrary SQL commands via the 'id' parameter in a 'index.php?option=pms&page=open' call. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
Mitigation:
No known mitigation is available at this time.