2 matches found
CVE-2005-4317
Limbo CMS 1.0.4.2 and earlier, with registerglobals off, does not protect the $SERVER variable from external modification, which allows remote attackers to use the SERVERREMOTEADDR parameter to 1 conduct cross-site scripting XSS attacks in the stats module or 2 execute arbitrary code via an eval...
CVE-2005-4317
Limbo CMS (versions up to 1.0.4.2) is affected by multiple flaws. When register_globals is off and a MySQL backend is used, improper sanitization of _SERVER[REMOTE_ADDR] enables SQL injection. The same parameter can also enable cross-site scripting in the Stats module. Additionally, index2.php pe...