CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-4318

HIGH
7.5
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile21.62th
Published2005年12月17日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 http://rgod.altervista.org/limbo1042_xpl.html
🔗 http://secunia.com/advisories/18063/
🔗 http://securityreason.com/securityalert/255
🔗 http://securitytracker.com/id?1015364
🔗 http://www.osvdb.org/21753
🔗 http://www.securityfocus.com/archive/1/419470/100/0/threaded
🔗 http://www.securityfocus.com/bid/15871/
🔗 http://www.vupen.com/english/advisories/2005/2932

相關漏洞威脅

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...

CVE-2005-129910.0

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...

CVE-2005-103710.0

Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.