Invision Power Board < 3.0.5 Multiple Vulnerabilities (deprecated)
High Nessus Network Monitor Plugin ID 5260
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running Invision Power Board, a PHP bulletin board application. The installed version of Invision Power Board is potentially affected by multiple vulnerabilities :
- A local-file include vulnerability that affects the 'section' parameter sent to the 'forum/index.php' script.
- A sql-injection vulnerability that affects the 'starter' and 'state' parameters of the 'admin/applications/forum/modules_public/moderate/moderate.php' script.
- A cross-site scripting vulnerability caused by incorrect handling of '.txt' file attachments.
SolutionUpgrade to Invision Power Board 3.0.5 or later.