Vulnerability Description
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
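An added example (not code from Limbo or from the referenced advisories) of the class of flaw described above: a filename check that inspects only the final extension and so accepts a double extension, beside a stricter allowlist check. The weak pattern, the function names, the allowlist and the sample filenames are all constructed for illustration; Limbo's actual regular expression is not shown on this page.

```php
<?php
// Constructed illustration; none of this is Limbo's code or its actual regex.

// Weak: denylist that inspects only the final extension of the name.
function weak_is_allowed(string $name): bool
{
    return preg_match('/\.(php\d?|phtml)$/i', $name) !== 1;
}

// Stricter: allowlist, exactly one extension, and a server-chosen stored name.
const ALLOWED_EXT = ['txt', 'pdf', 'png', 'jpg']; // assumed policy for this example

function strict_stored_name(string $name): ?string
{
    // Drop any client-supplied path component (both separator styles).
    $base = basename(str_replace('\\', '/', $name));
    // Exactly one dot: <safe stem>.<extension>, nothing else.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})\z/', $base, $m) !== 1) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Never reuse the client's name on disk; keep only the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample filenames.
$samples = ['resume.pdf', 'notes.php', 'notes.php.txt', 'photo.PHP.jpg', '../x.png'];
foreach ($samples as $s) {
    printf(
        "%-16s weak=%-6s strict=%s\n",
        $s,
        weak_is_allowed($s) ? 'accept' : 'reject',
        strict_stored_name($s) === null ? 'reject' : 'accept'
    );
}
```

The weak check accepts both double-extension names, while the strict check rejects them and stores accepted files under a random name. Filename validation is one layer only: the upload directory should also be configured so the web server does not execute scripts from it.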
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limbo CMS | Limbo CMS | 1.0.4.1 |
References
- http://www.securityfocus.com/bid/20044
- https://www.exploit-db.com/exploits/2370
FAQ
What is CVE-2006-4859?
CVE-2006-4859 is a vulnerability with a CVSS score of 7.5 (HIGH). Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the i...
How severe is CVE-2006-4859?
CVE-2006-4859 is rated HIGH, with a CVSS base score of 7.5 out of 10.
Is there a patch for CVE-2006-4859?
Check the references section above for vendor advisories and patch information. Affected products include: Limbo CMS.