Limny Admin/preview.php Theme Parameter Directory Traversal Vulnerability Network Vulnerability

Summary

This host is running Limny and is prone to directory traversal vulnerability.

Impact

Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to Limny version 3.0.1 or later, For updates refer to http://www.limny.org/download

Insight

Input passed via 'theme' parameter to admin/preview.php is not properly sanitised before being used to include files.

Affected

Limny version 3.0.0

References

http://secunia.com/advisories/43124
http://www.autosectools.com/Advisories/Limny.3.0.0_Local.File.Inclusion_99.html
http://www.osvdb.org/70747
http://xforce.iss.net/xforce/xfdb/65083

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-5210

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Open For Business HTML injection vulnerability
Apache ActiveMQ Multiple Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability

Limny admin/preview.php theme Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities