{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T01:33:14.669","vulnerabilities":[{"cve":{"id":"CVE-2006-4859","sourceIdentifier":"cve@mitre.org","published":"2006-09-19T18:07:00.000","lastModified":"2026-06-16T22:29:55.337","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression."},{"lang":"es","value":"Vulnerabilidad de subida de fichero no restringida en contact.html.php en el componente Contact (com_contact) en Limbo (también conocido como Lite Mambo) CMS 1.0.4.2L y anteriores permite a atacantes remotos subir código PHP a la carpeta images/contact vía un nombre de fichero con extensión doble en el parámetro contact_attach en una opción de contacto en index.php, lo cual evita una insuficientemente restrictiva expresión regular."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A20A5711-44DE-42FD-A16F-0BF59F1171E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2:*:*:*:*:*:*:*","matchCriteriaId":"D899CC0B-334F-4794-A7C2-449545D728C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:limbo_cms:limbo_cms:1.0.4.2l:*:*:*:*:*:*:*","matchCriteriaId":"233B6A06-5CB5-4719-B40F-13C61D5E528E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/20044","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/2370","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/20044","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/2370","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}