Published: 26/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x prior to 20060425 allows remote malicious users to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

Vulnerable Product	Search on Vulmon	Subscribe to Product
invision power services invision power board 2.1.5_2006-03-08

#!/usr/bin/perl ## Invision Power Board 2* commands execution exploit by RST/GHC ## vulnerable versions <= 215 ## tested on 214, 202 ## ## (c)oded by 1dtw0lf ## RST/GHC ## rstvoidru ## ghcru use IO::Socket; use Getopt::Std; getopts("l:h:p:d:f:v:"); $host = $opt_h; $dir = $opt_d; $login = $opt_l; $passwor ...

NVD-CWE-Other http://forums.invisionpower.com/index.php?showtopic=213374 http://www.securityfocus.com/bid/17695 http://www.osvdb.org/25005 http://secunia.com/advisories/19830 http://securityreason.com/securityalert/796 http://www.vupen.com/english/advisories/2006/1534 https://exchange.xforce.ibmcloud.com/vulnerabilities/26070 http://www.securityfocus.com/archive/1/439607/100/0/threaded http://www.securityfocus.com/archive/1/432451/100/0/threaded http://www.securityfocus.com/archive/1/432226/100/0/threaded http://www.securityfocus.com/archive/1/431990/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1720/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2059

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect