CVE-2006-4859 Information

Description

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php which bypasses an insufficiently restrictive regular expression.

Reference

http://www.securityfocus.com/bid/20044 https://www.exploit-db.com/exploits/2370