CVE-2006-4859 - OpenCVE

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Limbo Cms	Limbo Cms

Configuration 1 [-]

OR	cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.1:::::::*
	cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2:::::::*
	cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2l:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/20044
https://www.exploit-db.com/exploits/2370

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-19T18:00:00

Updated: 2017-10-18T16:57:01

Reserved: 2006-09-19T00:00:00

Link: CVE-2006-4859

JSON object: View

NVD Information

Status : Modified

Published: 2006-09-19T18:07:00.000

Modified: 2017-10-19T01:29:26.050

Link: CVE-2006-4859

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20044", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20044"}, {"name": "2370", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2370"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4859", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20044", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20044"}, {"name": "2370", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2370"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4859", "datePublished": "2006-09-19T18:00:00", "dateReserved": "2006-09-19T00:00:00", "dateUpdated": "2017-10-18T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A20A5711-44DE-42FD-A16F-0BF59F1171E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D899CC0B-334F-4794-A7C2-449545D728C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2l:*:*:*:*:*:*:*", "matchCriteriaId": "233B6A06-5CB5-4719-B40F-13C61D5E528E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression."}, {"lang": "es", "value": "Vulnerabilidad de subida de fichero no restringida en contact.html.php en el componente Contact (com_contact) en Limbo (tambi\u00e9n conocido como Lite Mambo) CMS 1.0.4.2L y anteriores permite a atacantes remotos subir c\u00f3digo PHP a la carpeta images/contact v\u00eda un nombre de fichero con extensi\u00f3n doble en el par\u00e1metro contact_attach en una opci\u00f3n de contacto en index.php, lo cual evita una insuficientemente restrictiva expresi\u00f3n regular."}], "id": "CVE-2006-4859", "lastModified": "2017-10-19T01:29:26.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-19T18:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20044"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2370"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}