Detections
Analytics

Limbo weblinks.html.php catid Parameter SQL Injection

medium Nessus Plugin ID 21558

Language:

Synopsis

The remote web server contains a PHP script that is affected by a SQL injection issue.

Description

The remote host is running Limbo CMS, a content-management system written in PHP.

The version of Limbo CMS installed on the remote host fails to sanitize input to the 'catid' parameter of the 'index.php' script before using it in a database query. An unauthenticated attacker may be able to leverage this issue to manipulate SQL queries to uncover password hashes for arbitrary users of the affected application.

Note that successful exploitation requires that Limbo is configured to use MySQL for its database backend, which is not the default.

Solution

Apply Cumulative Patch v8 to Limbo 1.0.4.2.

See Also

https://www.securityfocus.com/archive/1/433221/30/0/threaded

http://www.nessus.org/u?3ecf65b1

Plugin Details

Severity: Medium

ID: 21558

File Name: limbo_catid_sql_injection.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 5/15/2006

Updated: 4/11/2022

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/7/2006

Reference Information

CVE: CVE-2006-2363

BID: 17870

CWE: 16, 89