CVE-2006-4859

Limbo (aka Lite Mambo) CMS 1.0.4.2L - Code Injection

Title source: llm

Description

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/2370

References (2)

Scores

EPSS 0.0267
EPSS Percentile 85.8%

Details

Status published
Products (3)
limbo_cms/limbo_cms 1.0.4.1
limbo_cms/limbo_cms 1.0.4.2
limbo_cms/limbo_cms 1.0.4.2l
Published Sep 19, 2006
Tracked Since Feb 18, 2026