CVE-2003-1385

Name of the Vulnerable Software and Affected Versions Invision Power Board version 1.1.1

Description The issue allows remote attackers to execute arbitrary PHP code if register globals is enabled. This is achieved by modifying the root path parameter to reference a URL on a remote web server that contains the code.

Recommendations For Invision Power Board version 1.1.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the ipchat.php file until a patch is available. Avoid using the root path parameter in the affected file until the issue is resolved.