
Invision Power Board <= 2.2.2 Authentication Bypass

Low

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running Invision Board, a CGI suite designed to set up a bulletin board system on the remote web server. This version of Invision Board is vulnerable to a flaw in the way that the 'sources/action_public/xmlout.php' script handles user-supplied data. An attacker who exploits this flaw can change the instant messenger profile of another user, which could lead to a loss of confidential data.

Solution

Upgrade or patch according to vendor recommendations.