Legend :
critical
high
medium
low
other
| id | 43163 |
|---|
| Risiko | other |
|---|
| Familie | CGI abuses |
|---|
| Kategori | infos |
|---|
| Navn | Invision Power Board < 3.0.5 Multiple Vulnerabilities |
|---|
| Sammenfatning | Checks version of Invision Power Board. |
|---|
| Beskrivelse | Synopsis :
The remote web server hosts a PHP application that is affected by
multiple vulnerabilities.
Description :
The remote web server hosts a version of Invision Power Board earlier
than 3.0.5. Such versions are potentially affected by multiple
vulnerabilities :
- A local-file include vulnerability affects the 'section'
parameter sent to the 'forum/index.php' script.
- A SQL injection vulnerability affects the 'starter' and
'state' parameters of the
'admin/applications/forum/modules_public/moderate/moderate.php'
script.
- A cross-site scripting vulnerability is caused by
incorrect handling of '.txt' file attachments.
See also :
http://archives.neohapsis.com/archives/bugtraq/2009-12/0144.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0105.html
http://www.nessus.org/u?1407869f
Solution :
Upgrade to Invision Power Board 3.0.5 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
|
|---|
| CVE |
NOCVE |
| Bugtraq |
37208,37263 |
| Copyright |
(C) 2009 Tenable Network Security, Inc. |