CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-4859

HIGH
7.5
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile38.70th
Published2006年9月19日
Last Modified2026年4月16日

Vulnerability Description

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

Affected Platforms (CPE)

📦
Limbo Cms

Limbo Cms

= 1.0.4.1
📦
Limbo Cms

Limbo Cms

= 1.0.4.2
📦
Limbo Cms

Limbo Cms

= 1.0.4.2l

References & Advisories

🔗 http://www.securityfocus.com/bid/20044
🔗 https://www.exploit-db.com/exploits/2370
🔗 http://www.securityfocus.com/bid/20044
🔗 https://www.exploit-db.com/exploits/2370

相關漏洞威脅

CVE-2006-486010.0

Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php...

CVE-2006-16627.5

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid par...

CVE-2005-43187.5

SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to e...

CVE-2008-07347.5

SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to exec...