Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2059

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2059
Last Modified 07 Mar 2011 09:35:05
Published 26 Apr 2006 04:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2059

Summary

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

Vulnerable Systems

Application

  • Invision Power Services Invision Power Board 2.1.5 2006-03-08


References

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=213374

VUPEN - ADV-2006-1534

BID - 17695

BUGTRAQ - 20060425 Invision Vulnerabilities, including remote code execution

XF - invision-search-file-include(26070)

BUGTRAQ - 20060710 Re: RE: Invision Vulnerabilities, including remote code execution

BUGTRAQ - 20060427 Invision Power Board 2.1.5 POC

BUGTRAQ - 20060427 Re: Invision Vulnerabilities, including remote code execution

OSVDB - 25005

SREASON - 796

SECUNIA - 19830


Last Updated: 27 May 2016 10:42:19