Iceshaman

**Name of the Vulnerable Software and Affected Versions** Invision Power Board (IPB) versions 2.0.x through 2.1.x before 20060425 **Description** The issue allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the `lastdate` parameter. This is achieved by altering the behavior of a regular expression to add a "#e" (execute) modifier in the `action public/search.php` file. **Recommendations** For Invision Power Board (IPB) versions 2.0.x through 2.1.x before 20060425, consider restricting access to the `action public/search.php` file until a fix is available. As a temporary workaround, avoid using the `lastdate` parameter in the search functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Invision Power Board (IPB) versions 2.0.x through 2.1.x **Description** The issue allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the `name` parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename. This is a directory traversal vulnerability. **Recommendations** For Invision Power Board (IPB) versions 2.0.x through 2.1.x, update to a version released after 20060425 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Invision Power Board (IPB) versions 2.0.x through 2.1.x **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `ck` parameter in lib/func taskmanager.php, which can inject at most 32 characters. **Recommendations** For Invision Power Board (IPB) versions 2.0.x through 2.1.x, consider restricting access to the vulnerable `ck` parameter in the lib/func taskmanager.php file until a fix is available.