CyberSec.Space Logo
Back to CVE Browser

CVE-2006-1662

HIGH
7.5
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile35.47th
PublishedApr 7, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.

Affected Platforms (CPE)

πŸ“¦
Limbo Cms

Limbo Cms

= 1.0.4.1
πŸ“¦
Limbo Cms

Limbo Cms

= 1.0.4.2

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html
πŸ”— http://securityreason.com/securityalert/519
πŸ”— http://www.securityfocus.com/archive/1/426428
πŸ”— http://www.securityfocus.com/archive/1/429946/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/16902
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/24992
πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html
πŸ”— http://securityreason.com/securityalert/519

Related Vulnerabilities

CVE-2006-486010.0

Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php...

CVE-2006-48597.5

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1....

CVE-2005-43187.5

SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to e...

CVE-2008-07347.5

SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to exec...