CVE-2006-2060 in IP.Boardinformazioni

Riassunto

di MITRE

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Prenotare

26/04/2006

Divulgazione

26/04/2006

Moderazione

accettato

CPE

pronto

EPSS

0.02182

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!