CVE-2005-4318

Limbo CMS <= 1.0.4.2 - SQL Injection via _SERVER[REMOTE_ADDR] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4318. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a vulnerability in Limbo CMS <= 1.0.4.2, allowing remote command execution by overwriting the _SERVER[REMOTE_ADDR] variable. It includes a web interface for inputting target details and executing commands.

Description

SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1373

View Code ZIP pw:eip

This exploit targets a vulnerability in Limbo CMS <= 1.0.4.2, allowing remote command execution by overwriting the _SERVER[REMOTE_ADDR] variable. It includes a web interface for inputting target details and executing commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Limbo CMS <= 1.0.4.2

No auth needed

Prerequisites: Target running Limbo CMS <= 1.0.4.2 · PHP environment to run the exploit

MITRE ATT&CK