Family: CGI abuses --> Category: attack
Limbo com_fm Component PHP Shell Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to call Limbo's com_fm installer
Detailed Explanation for this Vulnerability Test
The remote web server contains PHP scripts that allow copying of
arbitrary files into the web document directory.
The remote host is running Limbo CMS, a content-management system
written in PHP.
The 'com_fm' component of the version of Limbo installed on the remote
host allows an unauthenticated remote attacker to copy arbitrary
files, possibly taken from a third-party host, into the web document
directory. An unauthenticated attacker may be able to exploit this
flaw to read files on the affected host or even set up a PHP shell
that would allow execution of arbitrary code, subject to the
rights of the web server user id.
See also :
Unknown at this time.
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.