Invision Power Board <= 2.2.2 Authentication Bypass
Low Nessus Network Monitor Plugin ID 4087
Synopsis: The remote host is vulnerable to a flaw that allows authentication to be bypassed.
Description: The remote host is running Invision Board, a CGI suite designed to set up a bulletin board system on the remote web server. This version of Invision Board is vulnerable to a flaw in the way that the 'sources/action_public/xmlout.php' script handles user-supplied data. An attacker exploiting this flaw would be able to change the instant messenger profile of another user. This could lead to a loss of confidential data.
Solution: Upgrade or patch according to vendor recommendations.