Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
BID:18040
CVE-2006-2498 |Info
Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
| Bugtraq ID: | 18040 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 19 2006 12:00AM |
| Updated: | May 19 2006 08:13PM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: |
Invision Power Services Invision Power Board 2.1.5.2006.04.25 Invision Power Services Invision Power Board 2.1.5.2006.03.08 Invision Power Services Invision Board 2.1.6 Invision Power Services Invision Board 2.1.5 Invision Power Services Invision Board 2.1.4 Invision Power Services Invision Board 2.1 Alpha2 Invision Power Services Invision Board 2.1 Invision Power Services Invision Board 2.0.4 Invision Power Services Invision Board 2.0.3 Invision Power Services Invision Board 2.0.2 Invision Power Services Invision Board 2.0.1 Invision Power Services Invision Board 2.0 PF2 Invision Power Services Invision Board 2.0 PF1 Invision Power Services Invision Board 2.0 PDR3 Invision Power Services Invision Board 2.0 Alpha 3 Invision Power Services Invision Board 2.0 Invision Power Services Invision Board 1.3.1 Final Invision Power Services Invision Board 1.3 Final Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.2 Invision Power Services Invision Board 1.1.2 Invision Power Services Invision Board 1.1.1 Invision Power Services Invision Board 1.0.3 Invision Power Services Invision Board 1.0.1 Invision Power Services Invision Board 1.0 |
| Not Vulnerable: | |
Discussion
Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
Invision Power Board is prone to multiple remote code-execution vulnerabilities. These issues may allow an attacker to gain unauthorized access to a vulnerable computer by executing arbitrary PHP code.
These issues affect versions 2.1.6 and 2.0.4; earlier versions are also vulnerable.
Invision Power Board is prone to multiple remote code-execution vulnerabilities. These issues may allow an attacker to gain unauthorized access to a vulnerable computer by executing arbitrary PHP code.
These issues affect versions 2.1.6 and 2.0.4; earlier versions are also vulnerable.
Exploit / POC
Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
These issues can be exploited through a web client.
These issues can be exploited through a web client.
Solution / Fix
Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
Solution:
The vendor has released updates to address these issues. Please contact the vendor for information on obtaining the appropriate updates.
Solution:
The vendor has released updates to address these issues. Please contact the vendor for information on obtaining the appropriate updates.
References
Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
References:
References:
- Company News and Updates (Invision Power Services)
- Invision Board Homepage (Invision Power Services)