Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1598

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1598
Last Modified 10 Sep 2008 03:39:36
Published 16 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1598

Summary

SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.

Vulnerable Systems

Application

  • Invision Power Services Invision Board 1.0

  • Invision Power Services Invision Board 1.0.1

  • Invision Power Services Invision Board 1.1.1

  • Invision Power Services Invision Board 1.1.2

  • Invision Power Services Invision Board 1.2

  • Invision Power Services Invision Board 1.3

  • Invision Power Services Invision Board 2.0 Alpha 3

  • Invision Power Services Invision Board 2.0 Pdr3

  • Invision Power Services Invision Power Board 2.0.3


References

MISC - http://www.gulftech.org/?node=research&article_id=00073-05052005

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=168016

BID - 13529

XF - invision-powerboard-login-sql-injection(20446)

MISC - http://www.securiteam.com/exploits/5GP0E2KFQQ.html

OSVDB - 16297

SECTRACK - 1014499

SECTRACK - 1013907

SECUNIA - 15265

MILW0RM - 1013

BUGTRAQ - 20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)

BUGTRAQ - 20050506 Multiple Vulnerabilities In Invision Power Board


Last Updated: 27 May 2016 10:40:14