History: Dec 17, 2005 - 11:03 a.m.

CVE-2005-4317

2005-12-17 11:03:00
NVD-CWE-Other
web.nvd.nist.gov
limbo cms
cve-2005-4317
register_globals
remote attackers
xss
code execution
eval injection
nvd

AI Score: 6.8 Medium (Confidence: High)
CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.435 Medium (Percentile: 97.3%)

Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.

CPE: limbo_cms:limbo_cms
Name: limbo cms
Operator: le
Version: 1.0.4.2
