OSVDB ID: 35429

Title: Invision Power Board "Task PHP File To Run" Field Traversal Local File Inclusion

Info

Disclosure

Nov 04, 2005

Discovery

Unknown

Dates

Exploit

Nov 04, 2005

Solution

Unknown

Description

Invision Power Board contains a flaw that allows a remote attacker to execute arbitrary files outside of the web path. The issue is due to the 'Task PHP File to Run' field not properly sanitizing user input, specifically directory traversal style attacks (../../).

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Invision Power Services, Inc.

Invision Power Board

2.0.1

References

Secunia Advisory ID: 17443
CVE ID: 2005-3548 (see also: NVD)
Related OSVDB ID: 23337
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0060.html
Vendor URL: http://www.invisionboard.com/

Credit

Anti Matter - antimattergmail.com -

Direct URL: http://osvdb.org/36218