Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4913

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4913
Last Modified 05 Sep 2008 05:29:23
Published 17 Sep 2007 01:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4913

Summary

ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.

Vulnerable Systems

Application

  • Invision Power Services Invision Power Board 2.1.5 2006-03-08

  • Invision Power Services Invision Power Board 2.1.5 2006-04-25

  • Invision Power Services Invision Power Board 2.1.6

  • Invision Power Services Invision Power Board 2.2

  • Invision Power Services Invision Power Board 2.2.1

  • Invision Power Services Invision Power Board 2.2.2

  • Invision Power Services Invision Power Board 2.3.1


References

CONFIRM - http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870

CONFIRM - http://forums.invisionpower.com/index.php?showtopic=237075


Last Updated: 27 May 2016 10:46:01