Limbo Cms: >> Limbo Cms Security Vulnerabilities
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
CVSS Score
7.5
EPSS Score
0.016
Published
2005-12-17
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.
CVSS Score
5.0
EPSS Score
0.144
Published
2005-12-17
Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message.
CVSS Score
5.0
EPSS Score
0.01
Published
2005-12-17
Page 2