PT-2005-2783 · Invision · Invision Power Board

Publicado

2005-06-01

Atualizado

2008-09-05

CVE-2005-1816

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) versions 1.0 through 2.0.4

Description The issue allows non-root admins to elevate their privileges or those of other users by adding them to the root admin group. This is achieved through the "Move users in this group to" screen.

Recommendations For Invision Power Board (IPB) versions 1.0 through 2.0.4, restrict access to the "Move users in this group to" screen to prevent non-root admins from modifying group memberships.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-1816

Produtos afetados

Invision Power Board

PT-2005-2783 · Invision · Invision Power Board

CVE-2005-1816

Identificadores relacionados

Produtos afetados

Referências · 5