CVE-2006-4859

Limbo (aka Lite Mambo) CMS 1.0.4.2L - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4859. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in Limbo CMS <= 1.0.4.2L, where the `file_ext` function fails to properly validate file extensions, allowing arbitrary PHP code execution via a maliciously crafted filename (e.g., `suntzu.gif.php`). The exploit uploads a PHP shell and executes commands via HTTP headers.

Description

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/2370

View Code ZIP pw:eip

This exploit leverages a file upload vulnerability in Limbo CMS <= 1.0.4.2L, where the `file_ext` function fails to properly validate file extensions, allowing arbitrary PHP code execution via a maliciously crafted filename (e.g., `suntzu.gif.php`). The exploit uploads a PHP shell and executes commands via HTTP headers.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Limbo CMS <= 1.0.4.2L

No auth needed

Prerequisites: Target must have Limbo CMS <= 1.0.4.2L installed · File upload functionality must be accessible via `Itemid` 3 or 43 · Web server must allow execution of uploaded PHP files

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1203 - Exploitation for Client Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20044

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2370

Scores

EPSS 0.0738

EPSS Percentile 93.6%

Details

Status published

Products (3)

limbo_cms/limbo_cms 1.0.4.1

limbo_cms/limbo_cms 1.0.4.2

limbo_cms/limbo_cms 1.0.4.2l

Published Sep 19, 2006

Tracked Since Feb 18, 2026