Lucene search

[email protected]CVE-2006-1662

HistoryApr 07, 2006 - 10:04 a.m.

CVE-2006-1662

2006-04-0710:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1662

limbo cms

remote code execution

security vulnerability

php commands

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.123 Low

EPSS

Percentile

95.4%

JSON

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.

CPENameOperatorVersion
limbo_cms:limbo_cmslimbo cmseq1.0.4.2
limbo_cms:limbo_cmslimbo cmseq1.0.4.1

CPE	Name	Operator	Version
limbo_cms:limbo_cms	limbo cms	eq	1.0.4.2
limbo_cms:limbo_cms	limbo cms	eq	1.0.4.1

References

archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html

securityreason.com/securityalert/519

www.securityfocus.com/archive/1/426428

www.securityfocus.com/archive/1/429946/100/0/threaded

www.securityfocus.com/bid/16902

exchange.xforce.ibmcloud.com/vulnerabilities/24992

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.123 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2006-1662

nessus1 prion1 cvelist1