Invision Power Board Remote Image File Disclosure Vulnerability
BID:40140
Info
Invision Power Board Remote Image File Disclosure Vulnerability
| Bugtraq ID: | 40140 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2010 12:00AM |
| Updated: | Apr 01 2010 12:00AM |
| Credit: | Cryptovirus |
| Vulnerable: |
Invision Power Services Invision Power Board 3.0.5 |
| Not Vulnerable: | |
Discussion
Invision Power Board Remote Image File Disclosure Vulnerability
Invision Power Board is prone to a remote file-disclosure vulnerability.
An attacker can exploit this vulnerability to view image files in the context of the webserver process. This may aid in further attacks.
Invision Power Board 3.0.5 is vulnerable; other versions may also be affected.
Invision Power Board is prone to a remote file-disclosure vulnerability.
An attacker can exploit this vulnerability to view image files in the context of the webserver process. This may aid in further attacks.
Invision Power Board 3.0.5 is vulnerable; other versions may also be affected.
Exploit / POC
Invision Power Board Remote Image File Disclosure Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
Invision Power Board Remote Image File Disclosure Vulnerability
Solution:
A patch is available. Please see the references for more information.
Solution:
A patch is available. Please see the references for more information.
References
Invision Power Board Remote Image File Disclosure Vulnerability
References:
References:
- Invision Board Homepage (Invision Power Services)
- IP.Board 3.0.5 Security Update (Invision Power Services)