OSVDB ID: 25008

Title: Invision Power Board action_admin/paysubscriptions.php name Variable Traversal Arbitrary PHP File Inclusion

Info

Disclosure

Apr 25, 2006

Discovery

Unknown

Dates

Exploit

Apr 25, 2006

Solution

Unknown

Description

Invision Power Board contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to action_admin/paysubscriptions.php not properly sanitizing user input supplied to the 'name' variable. This may allow an attacker to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Invision Power Services, Inc.	Invision Power Board	2.1.5
		2.1.5 (2006.03.08)
		2.1.5 (2006.04.25)
		2.0.x
		2.1
		2.1 Alpha2
		2.1.2
		2.1.3
		2.1.4

References

Secunia Advisory ID: 19830
CVE ID: 2006-2060 (see also: NVD)
Related OSVDB ID: 25005 25006 25007
VUPEN Advisory: ADV-2006-1534
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0522.html
Vendor Specific News/Changelog Entry: http://forums.invisionpower.com/index.php?showtopic=213374

Credit

IceShaman - http://HackThisSite.org
Wells - http://HackThisSite.org

Direct URL: http://osvdb.org/25008

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Invision Power Services, Inc.

Invision Power Board

References

Credit