Test ID: 1.3.6.1.4.1.25623.1.0.20824
Category: Web application abuses
Title: Limbo CMS Multiple Vulnerabilities
Description:
Summary:
The remote version of Limbo CMS is vulnerable to several flaws.

Vulnerability Insight:
Multiple flaws exist:

- If register_globals is off and Limbo is configured to use a MySQL
backend, an SQL injection is possible: a request parameter named
'_SERVER[REMOTE_ADDR]' can overwrite the server-supplied REMOTE_ADDR value
(the '_SERVER[] array overwrite' named in the Bugtraq reference below),
and that value is then used in a query without sanitization.

- The installation path is revealed when the 'doc.inc.php',
'element.inc.php', and 'node.inc.php' files are requested directly while
PHP's 'display_errors' setting is enabled.

- An XSS attack is possible when the Stats module is used, because the
same attacker-controlled '_SERVER[REMOTE_ADDR]' value is output without
sanitization.

- Arbitrary PHP files can be retrieved via the 'index2.php' script due to
improper sanitization of the 'option' parameter (directory traversal).

- An attacker can run arbitrary system commands on the remote system by
combining the SQL injection and the directory traversal flaws.
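
The code-level flaws above (the '_SERVER[]' array overwrite behind the SQL injection and the XSS, and the 'option' traversal in 'index2.php') as an added, hypothetical PHP reconstruction. This is not Limbo's source code: the table name 'stats_visitors', the 'components/' loader path and all function names are assumptions made for illustration, and the request array is constructed inline so the script runs from the command line with no web server or database. Each vulnerable pattern is shown next to a hardened form.

```php
<?php
declare(strict_types=1);

// Added example, not Limbo's code: a reconstruction of the bug class the
// advisory describes. Table, column and loader path names are hypothetical.

// Constructed request, as PHP parses the query string
//   index2.php?option=../../../../tmp/evil&_SERVER[REMOTE_ADDR]=0.0.0.0'),((SELECT @@version),0)-- -
// PHP turns a bracketed key into a nested array, so $_REQUEST gains a
// top-level '_SERVER' entry that looks exactly like the superglobal.
$_REQUEST = [
    'option'  => '../../../../tmp/evil',
    '_SERVER' => ['REMOTE_ADDR' => "0.0.0.0'),((SELECT @@version),0)-- -"],
];
$_SERVER['REMOTE_ADDR'] = '198.51.100.7';   // constructed: the real client address

// 1. Vulnerable register_globals emulation: every request key becomes a
//    global variable, including a key that names a superglobal.
function register_globals_vulnerable(): void
{
    foreach ($_REQUEST as $name => $value) {
        $GLOBALS[$name] = $value;          // key '_SERVER' replaces $_SERVER itself
    }
}

// 1'. Hardened: skip reserved names and anything that is not a plain
//     identifier. (Better still: do not emulate register_globals at all.)
function register_globals_hardened(): void
{
    $reserved = ['GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE', '_FILES',
                 '_ENV', '_REQUEST', '_SESSION', 'this'];
    foreach ($_REQUEST as $name => $value) {
        $name = (string) $name;
        if (in_array($name, $reserved, true) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $name)) {
            continue;
        }
        $GLOBALS[$name] = $value;
    }
}

// 2. Vulnerable Stats insert: REMOTE_ADDR is trusted and concatenated into
//    SQL; the same value echoed into a page is the XSS from the advisory.
function stats_sql_vulnerable(): string
{
    $ip = $_SERVER['REMOTE_ADDR'];
    return "INSERT INTO stats_visitors (ip, hits) VALUES ('$ip', 1)";
}

// 2'. Hardened: accept only a syntactically valid IP address and bind it
//     as a parameter; returns [sql, params] for PDO prepare()/execute().
function stats_sql_hardened(): array
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('REMOTE_ADDR is not an IP address');
    }
    return ['INSERT INTO stats_visitors (ip, hits) VALUES (?, 1)', [$ip]];
}

// 2''. Hardened output: encode the value before it reaches HTML.
function stats_html_hardened(string $ip): string
{
    return '<td>' . htmlspecialchars($ip, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// 3. Vulnerable component loader (hypothetical layout): 'option' flows
//    straight into an include path, so '../' reaches any PHP file on disk.
function component_path_vulnerable(string $option): string
{
    return __DIR__ . "/components/$option.php";
}

// 3'. Hardened: allow-list the option format so no path separator survives.
function component_path_hardened(string $option): string
{
    if (!preg_match('/^[a-z0-9_]{1,32}$/', $option)) {
        throw new InvalidArgumentException('invalid option');
    }
    return __DIR__ . "/components/$option.php";
}

// Walk-through: hardened path first, then the vulnerable one.
register_globals_hardened();
echo "hardened REMOTE_ADDR  : {$_SERVER['REMOTE_ADDR']}\n";
[$sql, $params] = stats_sql_hardened();
echo "hardened SQL          : $sql  params=" . json_encode($params) . "\n";
echo "hardened HTML         : " . stats_html_hardened($_SERVER['REMOTE_ADDR']) . "\n";
try {
    component_path_hardened($_REQUEST['option']);
} catch (InvalidArgumentException $e) {
    echo "hardened include      : rejected ({$e->getMessage()})\n";
}

register_globals_vulnerable();
echo "vulnerable REMOTE_ADDR: {$_SERVER['REMOTE_ADDR']}\n";
echo "vulnerable SQL        : " . stats_sql_vulnerable() . "\n";
echo "vulnerable include    : " . component_path_vulnerable($_REQUEST['option']) . "\n";
```

Run it with the PHP CLI. The hardened section keeps the real client address, produces a parameterised insert and rejects the traversal string; the vulnerable section shows '$_SERVER' replaced by the request-supplied array, the attacker's text spliced into the INSERT, and the include path escaping the 'components/' directory. The chain in the last bullet above (SQL injection plus traversal to reach command execution) is not reproduced here.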

Solution:
Apply the patch 1_0_4_2 provided by the vendor.

CVSS Score:
7.5

CVSS Vector (v2):
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-4317
BugTraq ID: 15871
http://www.securityfocus.com/bid/15871/
Bugtraq: 20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution
http://www.securityfocus.com/archive/1/419470/100/0/threaded
http://rgod.altervista.org/limbo1042_xpl.html
http://www.osvdb.org/21754
http://www.osvdb.org/21756
http://securitytracker.com/id?1015364
http://secunia.com/advisories/18063/
http://securityreason.com/securityalert/255
http://www.vupen.com/english/advisories/2005/2932
Common Vulnerability Exposure (CVE) ID: CVE-2005-4318
http://www.osvdb.org/21753
Common Vulnerability Exposure (CVE) ID: CVE-2005-4319
http://www.osvdb.org/21755
Common Vulnerability Exposure (CVE) ID: CVE-2005-4320
http://www.osvdb.org/21757
http://www.osvdb.org/21758
http://www.osvdb.org/21759
Copyright: Copyright (C) 2006 Josh Zlatin-Amishav

© 1998-2025 E-Soft Inc. All rights reserved.