Invision Power Board Multiple Remote Security Vulnerabilities
BID:30921
Info
Invision Power Board Multiple Remote Security Vulnerabilities
| Bugtraq ID: | 30921 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 29 2008 12:00AM |
| Updated: | Sep 01 2008 08:16PM |
| Credit: | DarkFig |
| Vulnerable: |
Invision Power Services Invision Power Board 2.3.5 Invision Power Services Invision Power Board 2.2.2 |
| Not Vulnerable: | |
Discussion
Invision Power Board Multiple Remote Security Vulnerabilities
Invision Power Board is prone to multiple remote vulnerabilities.
Attackers can exploit these issues to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Invision Power Board 2.3.5 is vulnerable; other versions may also be affected.
Invision Power Board is prone to multiple remote vulnerabilities.
Attackers can exploit these issues to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Invision Power Board 2.3.5 is vulnerable; other versions may also be affected.
Exploit / POC
Invision Power Board Multiple Remote Security Vulnerabilities
Attackers can exploit these issues via a browser.
The following exploit code is available:
Attackers can exploit these issues via a browser.
The following exploit code is available:
Solution / Fix
Invision Power Board Multiple Remote Security Vulnerabilities
Solution:
The vendor has released a fix for the SQL-injection issues; please see the references for more information.
Currently we are not aware of any vendor-supplied patches for the other issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
The vendor has released a fix for the SQL-injection issues; please see the references for more information.
Currently we are not aware of any vendor-supplied patches for the other issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Invision Power Board Multiple Remote Security Vulnerabilities
References:
References:
- Invision Power Board Homepage (Invision Power Services )
- IP.Board 2.2.x and 2.3.x Security Patch (Invision)
- [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security ([email protected])
- [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities ([email protected])
- Re: [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Secur ([email protected])
- Re: [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities ([email protected])