Vulnerabilities > Invision Power Services > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1385 | Code Injection vulnerability in Invision Power Services Invision Power Board 1.1.1 ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | 6.8 |
| 2002-10-11 | CVE-2002-1149 | Information Disclosure vulnerability in Invision Board 1.0/1.0.1 The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. | 5.0 |