Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

Limbo com_fm Component PHP Shell Vulnerability Scan

Vulnerability Scan Summary
Tries to call Limbo's com_fm installer

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains PHP scripts that allow copying of
arbitrary files into the web document directory.

Description :

The remote host is running Limbo CMS, a content-management system
written in PHP.

The 'com_fm' component of the version of Limbo installed on the remote
host allows an unauthenticated remote attacker to copy arbitrary
files, possibly taken from a third-party host, into the web document
directory. An unauthenticated attacker may be able to exploit this
flaw to read files on the affected host or even set up a PHP shell
that would allow execution of arbitrary code, subject to the
rights of the web server user id.

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 6



P.O. Box 827051

Pembroke Pines, FL 33082-7051
