CVE-2007-4913

Name of the Vulnerable Software and Affected Versions: Invision Power Board versions 2.3.1 up to 20070912

Description: The issue allows remote attackers to upload arbitrary script files with crafted image filenames to the uploads/ directory, where they are saved with a .txt extension and are not executable. This is being tracked as security-relevant by the vendor, despite limited usage scenarios under which it would be a vulnerability.

Recommendations: For Invision Power Board versions 2.3.1 up to 20070912, consider restricting access to the uploads/ directory to minimize the risk of exploitation. As a temporary workaround, consider disabling the file upload functionality in the class upload.php script until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.