ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote malicious users to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invision power services invision power board 2.1.5_2006-04-25 |
||
invision power services invision power board 2.2 |
||
invision power services invision power board 2.2.1 |
||
invision power services invision power board 2.2.2 |
||
invision power services invision power board |
||
invision power services invision power board 2.1.5_2006-03-08 |
||
invision power services invision power board 2.1.6 |