Vulnerabilities > CVE-2006-2319 - Input Validation vulnerability in IdealBB

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
ideal-science
nessus

Summary

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

Nessus

NASL familyCGI abuses
NASL idIBB_154B.NASL
descriptionThe remote host is running Ideal BB, an ASP-based forum software. According to its banner, the version of Ideal BB installed on the remote host reportedly allows an attacker to upload files with arbitrary ASP code, to view files under the web root, and to launch SQL injection and cross-site scripting attacks.
last seen2020-06-01
modified2020-06-02
plugin id21337
published2006-05-11
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21337
titleIdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal)