Summary
This host is running Limny and is prone to directory traversal vulnerability.
Impact
Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to Limny version 3.0.1 or later,
For updates refer to http://www.limny.org/download
Insight
Input passed via 'theme' parameter to admin/preview.php is not properly sanitised before being used to include files.
Affected
Limny version 3.0.0
References
Severity
Classification
-
CVE CVE-2011-5210 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- aeNovo Database Content Disclosure Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Apache Solr Directory Traversal Vulnerability Jan-14