PCI scan failed: Limbo CMS arbitrary command execution on LSWS console port

Discussion in 'Install/Configuration' started by Cameo, May 13, 2010.

  1. Cameo

    Cameo New Member

    For the past 7 or 8 weeks our PCI scanning service has been warning us of a vulnerability on the port we use for our web console listener:

    Any suggestions on how we can resolve this to maintain PCI-compliance?
  2. NiteWave

    NiteWave Administrator

    the solution is there following the link you provided:
    http://www.securityfocus.com/bid/16902/solution
    Solution:
    LimboCMS has released a cumulative patch to address this vulnerability. Please see the reference section for further details.

    this is a php vulnerability of LimboCMS. You've to contact LimboCMS to get the patch yourself. it's not related web server.
  3. Cameo

    Cameo New Member

    Nessus found an abandoned Joomla template that must have used LimboCMS for something. No idea why it was on the server listener port.

    Thank you!

Share This Page