CVE-2006-1662

Limbo CMS <1.0.4.2-1.0.4.1 - RCE

Title source: llm

Description

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by sirh0t · webappsphp

https://www.exploit-db.com/exploits/1563

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by str0ke · perlwebappsphp

https://www.exploit-db.com/exploits/1541

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://securityreason.com/securityalert/519

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0728.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16902

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/429946/100/0/threaded

[Exploit] http://www.securityfocus.com/archive/1/426428

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24992

Scores

EPSS 0.1925

EPSS Percentile 95.4%

Details

Status published

Products (2)

limbo_cms/limbo_cms 1.0.4.1

limbo_cms/limbo_cms 1.0.4.2

Published Apr 07, 2006

Tracked Since Feb 18, 2026