Invision Power Board Multiple Input Validation Vulnerabilities
BID:17020
Info
Invision Power Board Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 17020 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2006 12:00AM |
| Updated: | Mar 10 2006 02:40AM |
| Credit: | The vendor reported these vulnerabilities. |
| Vulnerable: |
Invision Power Services Invision Board 2.1 Alpha2 Invision Power Services Invision Board 2.1 Invision Power Services Invision Board 2.0.4 Invision Power Services Invision Board 2.0.3 Invision Power Services Invision Board 2.0.2 Invision Power Services Invision Board 2.0.1 Invision Power Services Invision Board 2.0 PF2 Invision Power Services Invision Board 2.0 PF1 Invision Power Services Invision Board 2.0 PDR3 Invision Power Services Invision Board 2.0 Alpha 3 Invision Power Services Invision Board 2.0 |
| Not Vulnerable: |
Invision Power Services Invision Board 2.1.5 |
Discussion
Invision Power Board Multiple Input Validation Vulnerabilities
Invision Power Board is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input.
A successful exploit could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Note: Exploitation requires that the victim use Microsoft Internet Explorer browser.
Invision Power Board is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input.
A successful exploit could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Note: Exploitation requires that the victim use Microsoft Internet Explorer browser.
Exploit / POC
Invision Power Board Multiple Input Validation Vulnerabilities
These issues can be exploited through use of a web client.
These issues can be exploited through use of a web client.
Solution / Fix
Invision Power Board Multiple Input Validation Vulnerabilities
Solution:
The vendor has released version 2.1.5 to address this issue.
Invision Power Services Invision Board 2.0 PF1
Invision Power Services Invision Board 2.0 PDR3
Invision Power Services Invision Board 2.0
Invision Power Services Invision Board 2.0 PF2
Invision Power Services Invision Board 2.0 Alpha 3
Invision Power Services Invision Board 2.0.1
Invision Power Services Invision Board 2.0.2
Invision Power Services Invision Board 2.0.3
Invision Power Services Invision Board 2.0.4
Invision Power Services Invision Board 2.1
Invision Power Services Invision Board 2.1 Alpha2
Solution:
The vendor has released version 2.1.5 to address this issue.
Invision Power Services Invision Board 2.0 PF1
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0 PDR3
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0 PF2
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0 Alpha 3
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0.1
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0.2
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0.3
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.0.4
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.1
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
Invision Power Services Invision Board 2.1 Alpha2
-
Invision Power Services Invision Power Board 2.1.5
http://forums.invisionpower.com/index.php?showtopic=208568
References
Invision Power Board Multiple Input Validation Vulnerabilities
References:
References:
- Invision Board Homepage (Invision Power Services)