CVE-2006-1662

Limbo CMS 1.0.4.1-1.0.4.2 - Remote Code Execution via Itemid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-1662. PoCs published by sirh0t, str0ke.

AI-analyzed exploit summary This is a Metasploit module exploiting a remote code execution vulnerability in Limbo CMS 1.x via arbitrary PHP code execution through the 'option' and 'Itemid' parameters. It supports multiple execution methods (system, exec, shell_exec, passthru) and includes a test mode to check for vulnerability.

Description

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by sirh0t · webappsphp
https://www.exploit-db.com/exploits/1563

This is a Metasploit module exploiting a remote code execution vulnerability in Limbo CMS 1.x via arbitrary PHP code execution through the 'option' and 'Itemid' parameters. It supports multiple execution methods (system, exec, shell_exec, passthru) and includes a test mode to check for vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Limbo CMS 1.x
No auth needed
Prerequisites: Network access to the target web server · Limbo CMS 1.x installed and unpatched
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by str0ke · perlwebappsphp
https://www.exploit-db.com/exploits/1541

This Perl script exploits a remote code execution vulnerability in Limbo CMS <= 1.0.4.2 by injecting a malicious payload into the 'Itemid' parameter via the 'passthru' function. The exploit sends a crafted HTTP request to execute arbitrary commands on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Limbo CMS <= 1.0.4.2
No auth needed
Prerequisites: Target server running Limbo CMS <= 1.0.4.2 · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/519
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16902
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429946/100/0/threaded
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426428
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24992

Scores

EPSS 0.0328
EPSS Percentile 86.8%

Details

Status published
Products (2)
limbo_cms/limbo_cms 1.0.4.1
limbo_cms/limbo_cms 1.0.4.2
Published Apr 07, 2006
Tracked Since Feb 18, 2026