CVE-2005-4319

Limbo CMS <1.0.4.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4319. PoCs published by rgod.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion (LFI) vulnerability in Limbo CMS by manipulating the 'option' parameter to traverse directories and include arbitrary files. The PoC is a simple URL-based attack that does not require authentication.

Description

Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · textwebappsphp

https://www.exploit-db.com/exploits/26837

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion (LFI) vulnerability in Limbo CMS by manipulating the 'option' parameter to traverse directories and include arbitrary files. The PoC is a simple URL-based attack that does not require authentication.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Limbo CMS versions 1.0.4.2 and prior

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK