Limbo CMS <= 1.0.4.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 3526

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running the Limbo Content Management System (CMS). This version of Limbo is vulnerable to a flaw that allows remote attackers to include arbitrary code within HTTP requests. By doing so, a remote attacker can execute arbitrary code with the permissions of the remote web server. In addition, the remote host is vulnerable to a SQL injection attack. An attacker exploiting this flaw would send a malformed HTTP query to the server that, upon parsing, would cause the web server to execute arbitrary SQL commands on the backend database server.

Solution

No solution is known at this time.

Plugin Details

Severity: High

ID: 3526

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:limbo_cms:limbo_cms

Reference Information

CVE: CVE-2006-2142, CVE-2008-0734

BID: 17760, 17870, 27710