CVE-2012-5692 - Unspecified vulnerability in Invisionpower Invision Power Board

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, invisionpower, critical, exploit available, metasploit

Summary

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

D2sec

name: Invision Power Board 3.3.4 RCE
url: http://www.d2sec.com/exploits/invision_power_board_3.3.4_rce.html

Exploit-Db

  • description: Invision Power Board <= 3.3.4 unserialize Regex Bypass. CVE-2012-5692. Webapps exploit for php platform
    id: EDB-ID:22547
    last seen: 2016-02-02
    modified: 2012-11-07
    published: 2012-11-07
    reporter: webDEViL
    source: https://www.exploit-db.com/download/22547/
    title: Invision Power Board <= 3.3.4 unserialize Regex Bypass
  • description: Invision Power Board <= 3.3.4 - "unserialize()" PHP Code Execution. CVE-2012-5692. Webapps exploit for php platform
    id: EDB-ID:22398
    last seen: 2016-02-02
    modified: 2012-11-01
    published: 2012-11-01
    reporter: EgiX
    source: https://www.exploit-db.com/download/22398/
    title: Invision Power Board <= 3.3.4 - "unserialize" PHP Code Execution
  • description: Invision IP.Board. CVE-2012-5692. Remote exploit for php platform
    id: EDB-ID:22686
    last seen: 2016-02-02
    modified: 2012-11-13
    published: 2012-11-13
    reporter: metasploit
    source: https://www.exploit-db.com/download/22686/
    title: Invision IP.Board <= 3.3.4 unserialize PHP Code Execution

Metasploit

description: This module exploits a php unserialize() vulnerability in Invision IP.Board <= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.
id: MSF:EXPLOIT/UNIX/WEBAPP/INVISION_PBOARD_UNSERIALIZE_EXEC
last seen: 2020-06-01
modified: 2019-08-02
published: 2012-11-10
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb
title: Invision IP.Board unserialize() PHP Code Execution

Packetstorm

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:76203
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-76203
    title: Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:76346
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-76346
    title: Invision Power Board <= 3.3.4 unserialize Regex Bypass
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:60450
    last seen: 2017-11-19
    modified: 2012-11-04
    published: 2012-11-04
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-60450
    title: Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution