Vulnerabilities > CVE-2005-3549 - Remote Security vulnerability in Invision Power Services Invision Board 2.0.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

invision-power-services

NVD

Published: 2005-11-16

Updated: 2018-10-19

Summary

Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Board 2.0.1	1

References

http://secunia.com/advisories/17443
http://www.securityfocus.com/archive/1/415798/30/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/40003