PT-2006-1953 · Invision · Invision Power Board
Published: 2006-02-28 · Updated: 2018-10-18 · CVE-2006-0910
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Invision Power Board (IPB) versions 2.1.4 and earlier
Description
The issue allows remote attackers to list directory contents via a direct request to multiple directories. The affected directories include sources/loginauth/convert/, sources/portal_plugins/, cache/skin_cache/cacheid_2/, ips_kernel/PEAR/, ips_kernel/PEAR/Text/, ips_kernel/PEAR/Text/Diff/, ips_kernel/PEAR/Text/Diff/Renderer/, style_images/1/folder_rte_files/, style_images/1/folder_js_skin/, style_images/1/folder_rte_images/, and upgrade/ and its subdirectories.
Recommendations
For Invision Power Board (IPB) versions 2.1.4 and earlier, consider restricting direct access to the listed directories as a temporary workaround until a patch is available.
Fix
Related Identifiers
Affected Products
Invision Power Board