Limbo CMS Multiple Vulnerabilities

high Nessus Plugin ID 20824

Synopsis

The remote web server contains a PHP application that is affected by numerous vulnerabilities.

Description

The remote host is running Limbo CMS, a content-management system written in PHP.

The remote version of this software is vulnerable to several flaws, including:

- If register_globals is off and Limbo is configured to use a MySQL backend, then a SQL injection is possible due to improper sanitization of the '_SERVER[REMOTE_ADDR]' parameter.

- The installation path is revealed when the 'doc.inc.php', 'element.inc.php', and 'node.inc.php' files are requested while PHP's 'display_errors' setting is enabled.

- A cross-site scripting attack is possible when the Stats module is used due to improper sanitization of the '_SERVER[REMOTE_ADDR]' parameter.

- Arbitrary PHP files can be retrieved via the 'index2.php' script due to improper sanitization of the 'option' parameter.

- An attacker can run arbitrary system commands on the remote system via a combination of the SQL injection and directory traversal attacks.

Solution

Apply the patch from the references listed under See Also.

See Also

https://www.securityfocus.com/archive/1/419470

http://www.nessus.org/u?6b3b5f19

Plugin Details

Severity: High

ID: 20824

File Name: limbo_multiple_flaws.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 1/30/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/14/2005

Reference Information

CVE: CVE-2005-4317, CVE-2005-4318, CVE-2005-4319, CVE-2005-4320

BID: 15871