CVE-2005-4319

Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rgod.altervista.org/limbo1042_xpl.html	Exploit Vendor Advisory
http://www.securityfocus.com/bid/15871/	Exploit Patch
http://securitytracker.com/id?1015364	Exploit
http://secunia.com/advisories/18063/	Patch Vendor Advisory
http://www.osvdb.org/21755
http://securityreason.com/securityalert/255
http://www.vupen.com/english/advisories/2005/2932
http://www.securityfocus.com/archive/1/419470/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:limbo_cms:limbo_cms:*:*:*:*:*:*:*:*

Information

Published : 2005-12-17 03:03

Updated : 2018-10-19 08:40

NVD link : CVE-2005-4319

Mitre link : CVE-2005-4319

JSON object : View

CWE

NVD-CWE-Other

Products Affected

limbo_cms

limbo_cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://rgod.altervista.org/limbo1042_xpl.html", "name": "http://rgod.altervista.org/limbo1042_xpl.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/15871/", "name": "15871", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015364", "name": "1015364", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/18063/", "name": "18063", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/21755", "name": "21755", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/255", "name": "255", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2005/2932", "name": "ADV-2005-2932", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/419470/100/0/threaded", "name": "20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via \"..\" sequences in the option parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4319", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-12-17T11:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:limbo_cms:limbo_cms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.4.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:40Z"}

5.0 /10