PT-2020-7202 · Invision Power · Invision Power Board

Published

2020-01-09

Updated

2020-01-14

CVE-2012-2226

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Invision Power Board versions prior to 3.3.1

Description The issue allows remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file due to a failure to sanitize user-supplied input.

Recommendations For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2012-2226

Affected Products

Invision Power Board

PT-2020-7202 · Invision Power · Invision Power Board

CVE-2012-2226

Weakness Enumeration

Related Identifiers

Affected Products

References · 5