PT-2005-2784 · Invision · Invision Power Board

Published

2005-06-01

Updated

2008-09-05

CVE-2005-1817

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) versions 1.0 through 1.3

Description The issue allows remote attackers to edit arbitrary forum posts. This is achieved by sending a direct request to "index.php" with modified parameters.

Recommendations For Invision Power Board (IPB) versions 1.0 through 1.3, consider restricting access to the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using modified parameters in requests to "index.php" to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1817

Affected Products

Invision Power Board

PT-2005-2784 · Invision · Invision Power Board

CVE-2005-1817

Related Identifiers

Affected Products

References · 4