Vulnerabilities > CVE-2012-5692
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Application | | 2 |
D2sec
name | Invision Power Board 3.3.4 RCE |
url | http://www.d2sec.com/exploits/invision_power_board_3.3.4_rce.html |
Exploit-Db
description | Invision Power Board <= 3.3.4 unserialize Regex Bypass. CVE-2012-5692. Webapps exploit for php platform |
id | EDB-ID:22547 |
last seen | 2016-02-02 |
modified | 2012-11-07 |
published | 2012-11-07 |
reporter | webDEViL |
source | https://www.exploit-db.com/download/22547/ |
title | Invision Power Board <= 3.3.4 unserialize Regex Bypass |

description | Invision Power Board <= 3.3.4 - "unserialize()" PHP Code Execution. CVE-2012-5692. Webapps exploit for php platform |
id | EDB-ID:22398 |
last seen | 2016-02-02 |
modified | 2012-11-01 |
published | 2012-11-01 |
reporter | EgiX |
source | https://www.exploit-db.com/download/22398/ |
title | Invision Power Board <= 3.3.4 - "unserialize" PHP Code Execution |

description | Invision IP.Board. CVE-2012-5692. Remote exploit for php platform |
id | EDB-ID:22686 |
last seen | 2016-02-02 |
modified | 2012-11-13 |
published | 2012-11-13 |
reporter | metasploit |
source | https://www.exploit-db.com/download/22686/ |
title | Invision IP.Board <= 3.3.4 unserialize PHP Code Execution |
Metasploit
description | This module exploits a php unserialize() vulnerability in Invision IP.Board <= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4. |
id | MSF:EXPLOIT/UNIX/WEBAPP/INVISION_PBOARD_UNSERIALIZE_EXEC |
last seen | 2020-06-01 |
modified | 2019-08-02 |
published | 2012-11-10 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb |
title | Invision IP.Board unserialize() PHP Code Execution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/117827/ipb334-exec.txt |
id | PACKETSTORM:117827 |
last seen | 2016-12-05 |
published | 2012-11-01 |
reporter | EgiX |
source | https://packetstormsecurity.com/files/117827/Invision-Power-Board-3.3.4-Code-Execution.html |
title | Invision Power Board 3.3.4 Code Execution |

data source | https://packetstormsecurity.com/files/download/117957/ipb334-bypass.txt |
id | PACKETSTORM:117957 |
last seen | 2016-12-05 |
published | 2012-11-08 |
reporter | webDEViL |
source | https://packetstormsecurity.com/files/117957/Invision-Power-Board-3.3.4-Unserialize-REGEX-Bypass.html |
title | Invision Power Board 3.3.4 Unserialize REGEX Bypass |

data source | https://packetstormsecurity.com/files/download/118064/invision_pboard_unserialize_exec.rb.txt |
id | PACKETSTORM:118064 |
last seen | 2016-12-05 |
published | 2012-11-13 |
reporter | EgiX |
source | https://packetstormsecurity.com/files/118064/Invision-IP.Board-3.3.4-unserialize-PHP-Code-Execution.html |
title | Invision IP.Board 3.3.4 unserialize() PHP Code Execution |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:76203 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-76203 |
title | Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:76346 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-76346 |
title | Invision Power Board <= 3.3.4 unserialize Regex Bypass |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:60450 |
last seen | 2017-11-19 |
modified | 2012-11-04 |
published | 2012-11-04 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-60450 |
title | Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution |