Remote Code Execution and Cross-Site Scripting Vulnerability in Limbo CMS 1.0.4.2 and Earlier

Remote Code Execution and Cross-Site Scripting Vulnerability in Limbo CMS 1.0.4.2 and Earlier

CVE-2005-4317 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.

Learn more about our Cis Benchmark Audit For Server Software.