Vulnerabilities > CVE-2006-2498 - Unspecified vulnerability in Invision Power Services Invision Power Board
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
Vulnerable Configurations
References
- http://attrition.org/pipermail/vim/2006-May/000776.html
- http://attrition.org/pipermail/vim/2006-May/000776.html
- http://forums.invisionpower.com/index.php?act=Attach&type=post&id=10026
- http://forums.invisionpower.com/index.php?act=Attach&type=post&id=10026
- http://forums.invisionpower.com/index.php?showtopic=215527
- http://forums.invisionpower.com/index.php?showtopic=215527
- http://secunia.com/advisories/20158
- http://secunia.com/advisories/20158
- http://www.osvdb.org/25667
- http://www.osvdb.org/25667
- http://www.osvdb.org/25668
- http://www.osvdb.org/25668
- http://www.securityfocus.com/bid/18040
- http://www.securityfocus.com/bid/18040
- http://www.vupen.com/english/advisories/2006/1859
- http://www.vupen.com/english/advisories/2006/1859
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26541
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26541