PT-2005-2783 · Invision · Invision Power Board

Published: 2005-06-01 · Updated: 2008-09-05 · CVE-2005-1816

CVSS v2.0: 4.6 Medium
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Invision Power Board (IPB) versions 1.0 through 2.0.4

Description: The issue allows non-root admins to elevate their privileges or those of other users by adding them to the root admin group. This is achieved through the "Move users in this group to" screen.

Recommendations: For Invision Power Board (IPB) versions 1.0 through 2.0.4, restrict access to the "Move users in this group to" screen to prevent non-root admins from modifying group memberships.

Related Identifiers

CVE-2005-1816

Affected Products

Invision Power Board