Summary
The remote web server contains a PHP application that is affected by numerous vulnerabilities.
Description :
The remote host is running Limbo CMS, a content-management system written in PHP.
The remote version of this software is vulnerable to several flaws including :
- If register_globals is off and Limbo is configured to use a MySQL backend, then an SQL injection is possible due to improper sanitization of the '_SERVER[REMOTE_ADDR]' parameter.
- The installation path is revealed when the 'doc.inc.php', 'element.inc.php', and 'node.inc.php' files are reqeusted when PHP's 'display_errors' setting is enabled.
- An XSS attack is possible when the Stats module is used due to improper sanitization of the '_SERVER[REMOTE_ADDR]' parameter.
- Arbitrary PHP files can be retrieved via the 'index2.php' script due to improper sanitation of the 'option' parameter.
- An attacker can run arbitrary system commands on the remote system via a combination of the SQL injection and directory transversal attacks.
Solution
Apply the patch http://www.limbo-cms.com/downs/patch_1_0_4_2.zip
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-4317, CVE-2005-4318, CVE-2005-4319, CVE-2005-4320 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- ASP Inline Corporate Calendar SQL injection
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- A Really Simple Chat Multiple SQL Injection Vulnerabilities