PT-2006-3041 · Invision · Invision Power Board

Iceshaman

Publicado

2006-04-26

Atualizado

2018-10-18

CVE-2006-2060

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) versions 2.0.x through 2.1.x

Description The issue allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename. This is a directory traversal vulnerability.

Recommendations For Invision Power Board (IPB) versions 2.0.x through 2.1.x, update to a version released after 20060425 to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2060

Produtos afetados

Invision Power Board

PT-2006-3041 · Invision · Invision Power Board

CVE-2006-2060

Identificadores relacionados

Produtos afetados

Referências · 11