Vulnerabilities > CVE-2006-2498 - Arbitrary PHP Code Execution vulnerability in Invision Power Board

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

invision-power-services

NVD

Published: 2006-05-20

Updated: 2017-07-20

Summary

Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Power Board 2.0.0 Invision Power Services Invision Power Board 2.0.1 Invision Power Services Invision Power Board 2.0.2 Invision Power Services Invision Power Board 2.0.3 Invision Power Services Invision Power Board 2.0.4 Invision Power Services Invision Power Board 2.1 Invision Power Services Invision Power Board 2.1.0 Invision Power Services Invision Power Board 2.1.1 Invision Power Services Invision Power Board 2.1.2 Invision Power Services Invision Power Board 2.1.3 Invision Power Services Invision Power Board 2.1.4 Invision Power Services Invision Power Board 2.1.5 Invision Power Services Invision Power Board 2.1.6 Invision Power Services Invision Power Board 2.1_Alpha2 Invision Power Services Invision Power Board 2.1_Beta2 Invision Power Services Invision Power Board 2.1_Beta3 Invision Power Services Invision Power Board 2.1_Beta4 Invision Power Services Invision Power Board 2.1_Beta5 Invision Power Services Invision Power Board 2.1_Rc1	19

Summary

Vulnerable Configurations

References