CVE-2006-2363

Limbo Cms - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [Oo] · phpwebappsphp

https://www.exploit-db.com/exploits/1751

View Code ZIP pw:eip

References (6)

[Patch] http://forum.limboforge.org/index.php?topic=6.0

[Patch, Vendor Advisory] http://secunia.com/advisories/19891

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26366

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/433221/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1751

[Third Party Advisory] http://securityreason.com/securityalert/893

Scores

EPSS 0.0135

EPSS Percentile 80.2%

Details

CWE

CWE-16 CWE-89

Status published

Products (1)

limbo_cms/limbo_cms 1.0.4.2

Published May 15, 2006

Tracked Since Feb 18, 2026